From: Damien Miller Subject: Update libcrux ML-KEM used in OpenSSH To: tech@openbsd.org Cc: openssh@openssh.com Date: Thu, 13 Nov 2025 11:18:27 +1100 Hi, This updates the implementation of ML-KEM that is used in the default key agreement algorithm to upstream[1] v0.0.4. This is code generated from a theorem prover so the code is pretty unreadable and there's lots of churn, but you can reproduce the import using the mlkem768.sh script; it will check out libcrux from git and convert/mutate their code into the single header we use in OpenSSH. I'd particularly appreciate test reports from anyone with access to a 64-bit BE architecture, as there has been bugs here in the past. Thanks, Damien [1] https://github.com/cryspen/libcrux commit c264e611b6f25a720b41c8ca5c51c61c7676f8e5 Author: Damien Miller Date: Thu Nov 13 11:10:01 2025 +1100 update libcrux ML-KEM implementation to v0.0.4 diff --git a/libcrux_mlkem768_sha3.h b/libcrux_mlkem768_sha3.h index b8ac143..fe19d3e 100644 --- a/libcrux_mlkem768_sha3.h +++ b/libcrux_mlkem768_sha3.h @@ -1,6 +1,6 @@ -/* $OpenBSD: libcrux_mlkem768_sha3.h,v 1.2 2024/10/27 02:06:01 djm Exp $ */ +/* $OpenBSD$ */ -/* Extracted from libcrux revision 84c5d87b3092c59294345aa269ceefe0eb97cc35 */ +/* Extracted from libcrux revision 026a87ab6d88ad3626b9fbbf3710d1e0483c1849 */ /* * MIT License @@ -34,100 +34,224 @@ #define KRML_HOST_EPRINTF(...) #define KRML_HOST_EXIT(x) fatal_f("internal error") -/* from libcrux/libcrux-ml-kem/cg/eurydice_glue.h */ -/* - * SPDX-FileCopyrightText: 2024 Eurydice Contributors - * SPDX-FileCopyrightText: 2024 Cryspen Sarl - * - * SPDX-License-Identifier: MIT or Apache-2.0 - */ +static inline void +store64_le(uint8_t dst[8], uint64_t src) +{ + dst[0] = src & 0xff; + dst[1] = (src >> 8) & 0xff; + dst[2] = (src >> 16) & 0xff; + dst[3] = (src >> 24) & 0xff; + dst[4] = (src >> 32) & 0xff; + dst[5] = (src >> 40) & 0xff; + dst[6] = (src >> 48) & 0xff; + dst[7] = (src >> 56) & 0xff; +} +static inline void +store32_le(uint8_t dst[4], uint32_t src) +{ + dst[0] = src & 0xff; + dst[1] = (src >> 8) & 0xff; + dst[2] = (src >> 16) & 0xff; + dst[3] = (src >> 24) & 0xff; +} + +static inline void +store32_be(uint8_t dst[4], uint32_t src) +{ + dst[0] = (src >> 24) & 0xff; + dst[1] = (src >> 16) & 0xff; + dst[2] = (src >> 8) & 0xff; + dst[3] = src & 0xff; +} + +static inline uint64_t +load64_le(uint8_t src[8]) +{ + return (uint64_t)(src[0]) | + ((uint64_t)(src[1]) << 8) | + ((uint64_t)(src[2]) << 16) | + ((uint64_t)(src[3]) << 24) | + ((uint64_t)(src[4]) << 32) | + ((uint64_t)(src[5]) << 40) | + ((uint64_t)(src[6]) << 48) | + ((uint64_t)(src[7]) << 56); +} + +static inline uint32_t +load32_le(uint8_t src[4]) +{ + return (uint32_t)(src[0]) | + ((uint32_t)(src[1]) << 8) | + ((uint32_t)(src[2]) << 16) | + ((uint32_t)(src[3]) << 24); +} +/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/eurydice_glue.h */ #pragma once + +#ifdef _MSC_VER +// For __popcnt +#endif + + +// C++ HELPERS + #if defined(__cplusplus) -extern "C" { + +#ifndef KRML_HOST_EPRINTF +#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) +#endif + + +#ifndef __cpp_lib_type_identity +template +struct type_identity { + using type = T; +}; + +template +using type_identity_t = typename type_identity::type; +#else +using std::type_identity_t; #endif +#define KRML_UNION_CONSTRUCTOR(T) \ + template \ + constexpr T(int t, V U::*m, type_identity_t v) : tag(t) { \ + val.*m = std::move(v); \ + } \ + T() = default; + +#endif + +// GENERAL-PURPOSE STUFF + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) +#define EURYDICE_ASSERT(test, msg) \ + do { \ + if (!(test)) { \ + fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ + __FILE__, __LINE__); \ + exit(255); \ + } \ + } while (0) // SLICES, ARRAYS, ETC. -// The MSVC C++ compiler does not support compound literals. -// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++ -// compiler. -#if defined(__cplusplus) -#define CLITERAL(type) type -#else -#define CLITERAL(type) (type) -#endif - // We represent a slice as a pair of an (untyped) pointer, along with the length // of the slice, i.e. the number of elements in the slice (this is NOT the // number of bytes). This design choice has two important consequences. // - if you need to use `ptr`, you MUST cast it to a proper type *before* -// performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the -// type of the address) +// performing pointer arithmetic on it (remember that C desugars pointer +// arithmetic based on the type of the address) // - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you -// need to multiply it -// by sizeof t, where t is the type of the elements. +// need to multiply it by sizeof t, where t is the type of the elements. // -// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that -// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL + -// start`). +// Empty slices have `len == 0` and `ptr` always needs to be a valid pointer +// that is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL +// + start`). typedef struct { void *ptr; size_t len; } Eurydice_slice; +#if defined(__cplusplus) +#define KRML_CLITERAL(type) type +#else +#define KRML_CLITERAL(type) (type) +#endif + +#if defined(__cplusplus) && defined(__cpp_designated_initializers) || \ + !(defined(__cplusplus)) +#define EURYDICE_CFIELD(X) X +#else +#define EURYDICE_CFIELD(X) +#endif + // Helper macro to create a slice out of a pointer x, a start index in x // (included), and an end index in x (excluded). The argument x must be suitably // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. #define EURYDICE_SLICE(x, start, end) \ - (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) -#define EURYDICE_SLICE_LEN(s, _) s.len + (KRML_CLITERAL(Eurydice_slice){(void *)(x + start), end - start}) + +// Slice length +#define EURYDICE_SLICE_LEN(s, _) (s).len +#define Eurydice_slice_len(s, _) (s).len + // This macro is a pain because in case the dereferenced element type is an // array, you cannot simply write `t x` as it would yield `int[4] x` instead, // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ + +// The following functions get sub slices from a slice. + +#define Eurydice_slice_subslice(s, r, t, _0, _1) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) + // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). #define Eurydice_slice_subslice2(s, start, end, t) \ - EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ + EURYDICE_SLICE((t *)s.ptr, (start), (end)) + +// Previous version above does not work when t is an array type (as usual). Will +// be deprecated soon. +#define Eurydice_slice_subslice3(s, start, end, t_ptr) \ + EURYDICE_SLICE((t_ptr)s.ptr, (start), (end)) + +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _0, _1) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ + +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _0, _1) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) + #define Eurydice_array_to_slice(end, x, t) \ EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _0, _1) \ EURYDICE_SLICE((t *)x, r.start, r.end) + // Same as above, variant for when start and end are statically known #define Eurydice_array_to_subslice2(x, start, end, t) \ - EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ + EURYDICE_SLICE((t *)x, (start), (end)) + +// Same as above, variant for when start and end are statically known +#define Eurydice_array_to_subslice3(x, start, end, t_ptr) \ + EURYDICE_SLICE((t_ptr)x, (start), (end)) + +#define Eurydice_array_repeat(dst, len, init, t) \ + ERROR "should've been desugared" + +// The following functions convert an array into a slice. + +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _0) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _0) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) + +// Copy a slice with memcopy #define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ - ((Eurydice_slice){.ptr = ptr_, .len = len_}) -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ +#define core_array___Array_T__N___as_slice(len_, ptr_, t, _ret_t) \ + KRML_CLITERAL(Eurydice_slice) { ptr_, len_ } + +#define core_array__core__clone__Clone_for__Array_T__N___clone( \ + len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t) (memcmp(a1, a2, sz * sizeof(t)) == 0) + +// core::cmp::PartialEq<&0 (@Slice)> for @Array +#define Eurydice_array_eq_slice(sz, a1, s2, t, _) \ + (memcmp(a1, (s2)->ptr, sz * sizeof(t)) == 0) -#define Eurydice_array_eq(sz, a1, a2, t, _) \ - (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) @@ -135,20 +259,30 @@ typedef struct { sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ - .len = slice.len - mid}}) +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + KRML_CLITERAL(ret_t) { \ + EURYDICE_CFIELD(.fst =) \ + EURYDICE_SLICE((element_type *)(slice).ptr, 0, mid), \ + EURYDICE_CFIELD(.snd =) \ + EURYDICE_SLICE((element_type *)(slice).ptr, mid, (slice).len) \ + } + +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + KRML_CLITERAL(ret_t) { \ + EURYDICE_CFIELD(.fst =) \ + KRML_CLITERAL(Eurydice_slice){EURYDICE_CFIELD(.ptr =)(slice.ptr), \ + EURYDICE_CFIELD(.len =) mid}, \ + EURYDICE_CFIELD(.snd =) KRML_CLITERAL(Eurydice_slice) { \ + EURYDICE_CFIELD(.ptr =) \ + ((char *)slice.ptr + mid * sizeof(element_type)), \ + EURYDICE_CFIELD(.len =)(slice.len - mid) \ + } \ + } // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ +#define Eurydice_slice_to_array2(dst, src, _0, t_arr, _1) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) @@ -158,25 +292,96 @@ static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, memcpy(dst_ok, src.ptr, sz); } +// SUPPORT FOR DSTs (Dynamically-Sized Types) + +// A DST is a fat pointer that keeps tracks of the size of it flexible array +// member. Slices are a specific case of DSTs, where [T; N] implements +// Unsize<[T]>, meaning an array of statically known size can be converted to a +// fat pointer, i.e. a slice. +// +// Unlike slices, DSTs have a built-in definition that gets monomorphized, of +// the form: +// +// typedef struct { +// T *ptr; +// size_t len; // number of elements +// } Eurydice_dst; +// +// Furthermore, T = T0<[U0]> where `struct T0`, where the `U` is the +// last field. This means that there are two monomorphizations of T0 in the +// program. One is `T0<[V; N]>` +// -- this is directly converted to a Eurydice_dst via suitable codegen (no +// macro). The other is `T = T0<[U]>`, where `[U]` gets emitted to +// `Eurydice_derefed_slice`, a type that only appears in that precise situation +// and is thus defined to give rise to a flexible array member. + +typedef char Eurydice_derefed_slice[]; + +#define Eurydice_slice_of_dst(fam_ptr, len_, t, _) \ + ((Eurydice_slice){.ptr = (void *)(fam_ptr), .len = len_}) + +#define Eurydice_slice_of_boxed_array(ptr_, len_, t, _) \ + ((Eurydice_slice){.ptr = (void *)(ptr_), .len = len_}) + // CORE STUFF (conversions, endianness, ...) -static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { - v = htole64(v); - memcpy(buf, &v, sizeof(v)); +// We slap extern "C" on declarations that intend to implement a prototype +// generated by Eurydice, because Eurydice prototypes are always emitted within +// an extern "C" block, UNLESS you use -fcxx17-compat, in which case, you must +// pass -DKRML_CXX17_COMPAT="" to your C++ compiler. +#if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT) +extern "C" { +#endif + +static inline void core_num__u32__to_be_bytes(uint32_t src, uint8_t dst[4]) { + store32_be(dst, src); +} + +static inline void core_num__u32__to_le_bytes(uint32_t src, uint8_t dst[4]) { + store32_le(dst, src); +} + +static inline uint32_t core_num__u32__from_le_bytes(uint8_t buf[4]) { + return load32_le(buf); +} + +static inline void core_num__u64__to_le_bytes(uint64_t v, uint8_t buf[8]) { + store64_le(buf, v); +} + +static inline uint64_t core_num__u64__from_le_bytes(uint8_t buf[8]) { + return load64_le(buf); +} + +static inline int64_t core_convert_num___core__convert__From_i32__for_i64__from( + int32_t x) { + return x; } -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { - uint64_t v; - memcpy(&v, buf, sizeof(v)); - return le64toh(v); + +static inline uint64_t core_convert_num___core__convert__From_u8__for_u64__from( + uint8_t x) { + return x; +} + +static inline uint64_t +core_convert_num___core__convert__From_u16__for_u64__from(uint16_t x) { + return x; } -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { - uint32_t v; - memcpy(&v, buf, sizeof(v)); - return le32toh(v); +static inline size_t +core_convert_num___core__convert__From_u16__for_usize__from(uint16_t x) { + return x; +} + +static inline uint32_t core_num__u8__count_ones(uint8_t x0) { +#ifdef _MSC_VER + return __popcnt(x0); +#else + return __builtin_popcount(x0); +#endif } -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { +static inline uint32_t core_num__i32__count_ones(int32_t x0) { #ifdef _MSC_VER return __popcnt(x0); #else @@ -184,96 +389,212 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { #endif } +static inline size_t core_cmp_impls___core__cmp__Ord_for_usize__min(size_t a, + size_t b) { + if (a <= b) + return a; + else + return b; +} + // unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { +static inline uint16_t core_num__u16__wrapping_add(uint16_t x, uint16_t y) { return x + y; } -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { +static inline uint8_t core_num__u8__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } +static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1) { + return (x0 << x1 | x0 >> (64 - x1)); +} + +static inline void core_ops_arith__i32__add_assign(int32_t *x0, int32_t *x1) { + *x0 = *x0 + *x1; +} + +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { + return (*p) & v; +} +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { + return (*p) >> v; +} +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} + +static inline uint8_t +core_ops_bit___core__ops__bit__BitAnd_u8__u8__for___a__u8___46__bitand( + uint8_t *x0, uint8_t x1) { + return Eurydice_bitand_pv_u8(x0, x1); +} + +static inline uint8_t +core_ops_bit___core__ops__bit__Shr_i32__u8__for___a__u8___792__shr(uint8_t *x0, + int32_t x1) { + return Eurydice_shr_pv_u8(x0, x1); +} + +#define core_num_nonzero_private_NonZeroUsizeInner size_t +static inline core_num_nonzero_private_NonZeroUsizeInner +core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__NonZeroUsizeInner__26__clone( + core_num_nonzero_private_NonZeroUsizeInner *x0) { + return *x0; +} + +#if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT) +} +#endif // ITERATORS -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = None}) \ - : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start >= (iter_ptr)->end) \ + ? (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 0, \ + EURYDICE_CFIELD(.f0 =) 0}) \ + : (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 1, \ + EURYDICE_CFIELD(.f0 =)(iter_ptr)->start++})) -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ +#define core_iter_range___core__iter__traits__iterator__Iterator_A__for_core__ops__range__Range_A__TraitClause_0___6__next \ Eurydice_range_iter_next // See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ +#define Eurydice_into_iter(x, t, _ret_t, _) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_Clause1_Item__I__for_I__1__into_iter \ Eurydice_into_iter -#if defined(__cplusplus) +typedef struct { + Eurydice_slice slice; + size_t chunk_size; +} Eurydice_chunks; + +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a +// type, and this static inline function cannot receive a type as an argument. +// Instead, we receive the element size and use it to peform manual offset +// computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, + size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size + ? chunks->chunk_size + : chunks->slice.len; + Eurydice_slice curr_chunk; + curr_chunk.ptr = chunks->slice.ptr; + curr_chunk.len = chunk_size; + chunks->slice.ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size; + chunks->slice.len = chunks->slice.len - chunk_size; + return curr_chunk; +} + +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_}) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){ \ + .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ + .chunk_size = sz_}) +#define core_slice_iter_Chunks Eurydice_chunks +#define core_slice_iter_ChunksExact Eurydice_chunks +#define Eurydice_chunks_next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t))})) +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next \ + Eurydice_chunks_next +// This name changed on 20240627 +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next \ + Eurydice_chunks_next +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ + iter, t, _ret_t) \ + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) + +typedef struct { + Eurydice_slice s; + size_t index; +} Eurydice_slice_iterator; + +#define core_slice___Slice_T___iter(x, t, _ret_t) \ + ((Eurydice_slice_iterator){.s = x, .index = 0}) +#define core_slice_iter_Iter Eurydice_slice_iterator +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ + ret_t) \ + (((iter)->index == (iter)->s.len) \ + ? (KRML_CLITERAL(ret_t){.tag = core_option_None}) \ + : (KRML_CLITERAL(ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, \ + &((t *)((iter)->s.ptr))[(iter)->index - 1])})) +#define core_option__core__option__Option_T__TraitClause_0___is_some(X, _0, \ + _1) \ + ((X)->tag == 1) +// STRINGS + +typedef const char *Prims_string; + +// MISC (UNTESTED) + +typedef void *core_fmt_Formatter; +typedef void *core_fmt_Arguments; +typedef void *core_fmt_rt_Argument; +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ + x4) \ + NULL + +// BOXES + +// Crimes. +static inline char *malloc_and_init(size_t sz, char *init) { + char *ptr = (char *)malloc(sz); + memcpy(ptr, init, sz); + return ptr; } -#endif -/* from libcrux/libcrux-ml-kem/cg/libcrux_core.h */ +#define Eurydice_box_new(init, t, t_dst) \ + ((t_dst)(malloc_and_init(sizeof(t), (char *)(&init)))) + +#define Eurydice_box_new_array(len, ptr, t, t_dst) \ + ((t_dst)(malloc_and_init(len * sizeof(t), (char *)(ptr)))) + +/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem_core.h */ /* - * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 + * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 + * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b + * F*: 71d8221589d4d438af3706d89cb653cf53e18aab + * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ -#ifndef __libcrux_core_H -#define __libcrux_core_H +#ifndef libcrux_mlkem_core_H +#define libcrux_mlkem_core_H + #if defined(__cplusplus) extern "C" { #endif - /** A monomorphic instance of core.ops.range.Range with types size_t */ -typedef struct core_ops_range_Range_b3_s { +typedef struct core_ops_range_Range_08_s { size_t start; size_t end; -} core_ops_range_Range_b3; +} core_ops_range_Range_08; -#define Ok 0 -#define Err 1 +static inline uint16_t core_num__u16__wrapping_add(uint16_t x0, uint16_t x1); -typedef uint8_t Result_86_tags; +static inline uint64_t core_num__u64__from_le_bytes(uint8_t x0[8U]); -#define None 0 -#define Some 1 +static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1); -typedef uint8_t Option_ef_tags; +static inline void core_num__u64__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of core.option.Option -with types size_t +static inline uint32_t core_num__u8__count_ones(uint8_t x0); -*/ -typedef struct Option_b3_s { - Option_ef_tags tag; - size_t f0; -} Option_b3; - -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); - -#define CORE_NUM__U32_8__BITS (32U) - -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); +static inline uint8_t core_num__u8__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -289,35 +610,298 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) +#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) + #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) +/** + K * BITS_PER_RING_ELEMENT / 8 + + [eurydice] Note that we can't use const generics here because that breaks + C extraction with eurydice. +*/ +static inline size_t libcrux_ml_kem_constants_ranked_bytes_per_ring_element( + size_t rank) { + return rank * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U; +} + +/** +This function found in impl {libcrux_secrets::traits::Classify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 +with types uint8_t + +*/ +static KRML_MUSTINLINE uint8_t +libcrux_secrets_int_public_integers_classify_27_90(uint8_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types int16_t + +*/ +static KRML_MUSTINLINE int16_t +libcrux_secrets_int_public_integers_declassify_d8_39(int16_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for i16} +*/ +static KRML_MUSTINLINE uint8_t libcrux_secrets_int_as_u8_f5(int16_t self) { + return libcrux_secrets_int_public_integers_classify_27_90( + (uint8_t)libcrux_secrets_int_public_integers_declassify_d8_39(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Classify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 +with types int16_t + +*/ +static KRML_MUSTINLINE int16_t +libcrux_secrets_int_public_integers_classify_27_39(int16_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint8_t + +*/ +static KRML_MUSTINLINE uint8_t +libcrux_secrets_int_public_integers_declassify_d8_90(uint8_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for u8} +*/ +static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_59(uint8_t self) { + return libcrux_secrets_int_public_integers_classify_27_39( + (int16_t)libcrux_secrets_int_public_integers_declassify_d8_90(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Classify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 +with types int32_t + +*/ +static KRML_MUSTINLINE int32_t +libcrux_secrets_int_public_integers_classify_27_a8(int32_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for i16} +*/ +static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_f5(int16_t self) { + return libcrux_secrets_int_public_integers_classify_27_a8( + (int32_t)libcrux_secrets_int_public_integers_declassify_d8_39(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types int32_t + +*/ +static KRML_MUSTINLINE int32_t +libcrux_secrets_int_public_integers_declassify_d8_a8(int32_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for i32} +*/ +static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_36(int32_t self) { + return libcrux_secrets_int_public_integers_classify_27_39( + (int16_t)libcrux_secrets_int_public_integers_declassify_d8_a8(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint32_t + +*/ +static KRML_MUSTINLINE uint32_t +libcrux_secrets_int_public_integers_declassify_d8_df(uint32_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for u32} +*/ +static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_b8(uint32_t self) { + return libcrux_secrets_int_public_integers_classify_27_a8( + (int32_t)libcrux_secrets_int_public_integers_declassify_d8_df(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Classify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 +with types uint16_t + +*/ +static KRML_MUSTINLINE uint16_t +libcrux_secrets_int_public_integers_classify_27_de(uint16_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for i16} +*/ +static KRML_MUSTINLINE uint16_t libcrux_secrets_int_as_u16_f5(int16_t self) { + return libcrux_secrets_int_public_integers_classify_27_de( + (uint16_t)libcrux_secrets_int_public_integers_declassify_d8_39(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint16_t + +*/ +static KRML_MUSTINLINE uint16_t +libcrux_secrets_int_public_integers_declassify_d8_de(uint16_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for u16} +*/ +static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_ca(uint16_t self) { + return libcrux_secrets_int_public_integers_classify_27_39( + (int16_t)libcrux_secrets_int_public_integers_declassify_d8_de(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Classify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 +with types uint64_t + +*/ +static KRML_MUSTINLINE uint64_t +libcrux_secrets_int_public_integers_classify_27_49(uint64_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for u16} +*/ +static KRML_MUSTINLINE uint64_t libcrux_secrets_int_as_u64_ca(uint16_t self) { + return libcrux_secrets_int_public_integers_classify_27_49( + (uint64_t)libcrux_secrets_int_public_integers_declassify_d8_de(self)); +} + +/** +This function found in impl {libcrux_secrets::traits::Classify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 +with types uint32_t + +*/ +static KRML_MUSTINLINE uint32_t +libcrux_secrets_int_public_integers_classify_27_df(uint32_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint64_t + +*/ +static KRML_MUSTINLINE uint64_t +libcrux_secrets_int_public_integers_declassify_d8_49(uint64_t self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for u64} +*/ +static KRML_MUSTINLINE uint32_t libcrux_secrets_int_as_u32_a3(uint64_t self) { + return libcrux_secrets_int_public_integers_classify_27_df( + (uint32_t)libcrux_secrets_int_public_integers_declassify_d8_49(self)); +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for u32} +*/ +static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_b8(uint32_t self) { + return libcrux_secrets_int_public_integers_classify_27_39( + (int16_t)libcrux_secrets_int_public_integers_declassify_d8_df(self)); +} + +/** +This function found in impl {libcrux_secrets::int::CastOps for i16} +*/ +static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_f5(int16_t self) { + return libcrux_secrets_int_public_integers_classify_27_39( + libcrux_secrets_int_public_integers_declassify_d8_39(self)); +} + typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t fst[1152U]; uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; +#define Ok 0 +#define Err 1 + +typedef uint8_t Result_b2_tags; + /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ -typedef struct Result_6f_s { - Result_86_tags tag; +typedef struct Result_b2_s { + Result_b2_tags tag; union { uint8_t case_Ok[24U]; TryFromSliceError case_Err; } val; -} Result_6f; +} Result_b2; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_26_70(Result_b2 self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -334,23 +918,24 @@ A monomorphic instance of core.result.Result with types uint8_t[20size_t], core_array_TryFromSliceError */ -typedef struct Result_7a_s { - Result_86_tags tag; +typedef struct Result_e1_s { + Result_b2_tags tag; union { uint8_t case_Ok[20U]; TryFromSliceError case_Err; } val; -} Result_7a; +} Result_e1; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_26_20(Result_e1 self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -363,61 +948,46 @@ static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) { } /** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - + Pad the `slice` with `0`s at the end. */ -typedef struct Result_cd_s { - Result_86_tags tag; - union { - uint8_t case_Ok[10U]; - TryFromSliceError case_Err; - } val; -} Result_cd; - /** -This function found in impl {core::result::Result} +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +with const generics +- LEN= 32 */ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) { - if (self.tag == Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_9e( + Eurydice_slice slice, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + uint8_t *uu____0 = out; + Eurydice_slice_copy( + Eurydice_array_to_subslice3( + uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), + slice, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { - uint8_t value[1088U]; -} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - /** - A reference to the raw byte slice. +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $2400size_t */ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey_d9; + /** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} +This function found in impl {core::default::Default for +libcrux_ml_kem::types::MlKemPrivateKey} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 +A monomorphic instance of libcrux_ml_kem.types.default_d3 with const generics -- SIZE= 1088 +- SIZE= 2400 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return self->value; +static inline libcrux_ml_kem_types_MlKemPrivateKey_d9 +libcrux_ml_kem_types_default_d3_28(void) { + return ( + KRML_CLITERAL(libcrux_ml_kem_types_MlKemPrivateKey_d9){.value = {0U}}); } /** @@ -425,46 +995,34 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics - $1184size_t */ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { +typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s { uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; +} libcrux_ml_kem_types_MlKemPublicKey_30; /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_fd with const generics - SIZE= 1184 */ -static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U]) { +static inline libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_types_from_fd_d0(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; + libcrux_ml_kem_types_MlKemPublicKey_30 lit; memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $2400size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { - uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey_55; - typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk; + libcrux_ml_kem_types_MlKemPublicKey_30 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -476,27 +1034,27 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_from_17_74(libcrux_ml_kem_types_MlKemPrivateKey_d9 sk, + libcrux_ml_kem_types_MlKemPublicKey_30 pk) { + return (KRML_CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, + .pk = pk}); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_77 with const generics - SIZE= 2400 */ -static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U]) { +static inline libcrux_ml_kem_types_MlKemPrivateKey_d9 +libcrux_ml_kem_types_from_77_28(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + libcrux_ml_kem_types_MlKemPrivateKey_d9 lit; memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -506,23 +1064,24 @@ A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ -typedef struct Result_00_s { - Result_86_tags tag; +typedef struct Result_fb_s { + Result_b2_tags tag; union { uint8_t case_Ok[32U]; TryFromSliceError case_Err; } val; -} Result_00; +} Result_fb; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_26_b3(Result_fb self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -534,28 +1093,32 @@ static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { } } +typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { + uint8_t value[1088U]; +} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; + /** A monomorphic instance of K. with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], uint8_t[32size_t] */ -typedef struct tuple_3c_s { +typedef struct tuple_c2_s { libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; uint8_t snd[32U]; -} tuple_3c; +} tuple_c2; /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +This function found in impl {core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_e0 with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_e0_80(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -565,21 +1128,46 @@ libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) { } /** - A reference to the raw byte slice. +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey} */ /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_e6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_50( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +static inline uint8_t *libcrux_ml_kem_types_as_slice_e6_d0( + libcrux_ml_kem_types_MlKemPublicKey_30 *self) { return self->value; } +/** +This function found in impl {libcrux_ml_kem::types::MlKemCiphertext} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.as_slice_a9 +with const generics +- SIZE= 1088 +*/ +static inline uint8_t *libcrux_ml_kem_types_as_slice_a9_80( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return self->value; +} + +/** +A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE uint8_t libcrux_ml_kem_utils_prf_input_inc_e0( + uint8_t (*prf_inputs)[33U], uint8_t domain_separator) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + return domain_separator; +} + /** Pad the `slice` with `0`s at the end. */ @@ -588,13 +1176,13 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_c8( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), + Eurydice_array_to_subslice3( + uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -607,27 +1195,27 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_b6( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), + Eurydice_array_to_subslice3( + uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +This function found in impl {core::convert::AsRef<@Slice> for +libcrux_ml_kem::types::MlKemCiphertext} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_d3 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_24( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_d3_80( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -640,13 +1228,13 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_15( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), + Eurydice_array_to_subslice3( + uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -659,39 +1247,182 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_24( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), + Eurydice_array_to_subslice3( + uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +typedef struct Eurydice_slice_uint8_t_x4_s { + Eurydice_slice fst; + Eurydice_slice snd; + Eurydice_slice thd; + Eurydice_slice f3; +} Eurydice_slice_uint8_t_x4; + +typedef struct Eurydice_slice_uint8_t_x2_s { + Eurydice_slice fst; + Eurydice_slice snd; +} Eurydice_slice_uint8_t_x2; + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static inline Eurydice_slice_uint8_t_x4 +libcrux_ml_kem_types_unpack_private_key_b4(Eurydice_slice private_key) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + return ( + KRML_CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key, + .snd = ind_cpa_public_key, + .thd = ind_cpa_public_key_hash, + .f3 = implicit_rejection_value}); +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint8_t[24size_t] + +*/ +static KRML_MUSTINLINE void +libcrux_secrets_int_public_integers_declassify_d8_d2(uint8_t self[24U], + uint8_t ret[24U]) { + memcpy(ret, self, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint8_t[20size_t] + +*/ +static KRML_MUSTINLINE void +libcrux_secrets_int_public_integers_declassify_d8_57(uint8_t self[20U], + uint8_t ret[20U]) { + memcpy(ret, self, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint8_t[8size_t] + +*/ +static KRML_MUSTINLINE void +libcrux_secrets_int_public_integers_declassify_d8_76(uint8_t self[8U], + uint8_t ret[8U]) { + memcpy(ret, self, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {libcrux_secrets::traits::Declassify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 +with types uint8_t[2size_t] + +*/ +static KRML_MUSTINLINE void +libcrux_secrets_int_public_integers_declassify_d8_d4(uint8_t self[2U], + uint8_t ret[2U]) { + memcpy(ret, self, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {libcrux_secrets::traits::Classify for T} +*/ +/** +A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 +with types int16_t[16size_t] + +*/ +static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_classify_27_46( + int16_t self[16U], int16_t ret[16U]) { + memcpy(ret, self, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {libcrux_secrets::traits::ClassifyRef<&'a +(@Slice)> for &'a (@Slice)} +*/ +/** +A monomorphic instance of libcrux_secrets.int.classify_public.classify_ref_9b +with types uint8_t + +*/ +static KRML_MUSTINLINE Eurydice_slice +libcrux_secrets_int_classify_public_classify_ref_9b_90(Eurydice_slice self) { + return self; +} + +/** +This function found in impl {libcrux_secrets::traits::ClassifyRef<&'a +(@Slice)> for &'a (@Slice)} +*/ +/** +A monomorphic instance of libcrux_secrets.int.classify_public.classify_ref_9b +with types int16_t + +*/ +static KRML_MUSTINLINE Eurydice_slice +libcrux_secrets_int_classify_public_classify_ref_9b_39(Eurydice_slice self) { + return self; +} + /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ -typedef struct Result_c0_s { - Result_86_tags tag; +typedef struct Result_0a_s { + Result_b2_tags tag; union { int16_t case_Ok[16U]; TryFromSliceError case_Err; } val; -} Result_c0; +} Result_0a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_26_00(Result_0a self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -708,23 +1439,24 @@ A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ -typedef struct Result_56_s { - Result_86_tags tag; +typedef struct Result_15_s { + Result_b2_tags tag; union { uint8_t case_Ok[8U]; TryFromSliceError case_Err; } val; -} Result_56; +} Result_15; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); @@ -736,39 +1468,30 @@ static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { } } -typedef struct Eurydice_slice_uint8_t_x2_s { - Eurydice_slice fst; - Eurydice_slice snd; -} Eurydice_slice_uint8_t_x2; - -typedef struct Eurydice_slice_uint8_t_1size_t__x2_s { - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} Eurydice_slice_uint8_t_1size_t__x2; - #if defined(__cplusplus) } #endif -#define __libcrux_core_H_DEFINED -#endif +#define libcrux_mlkem_core_H_DEFINED +#endif /* libcrux_mlkem_core_H */ -/* from libcrux/libcrux-ml-kem/cg/libcrux_ct_ops.h */ +/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_ct_ops.h */ /* - * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 + * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 + * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b + * F*: 71d8221589d4d438af3706d89cb653cf53e18aab + * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ -#ifndef __libcrux_ct_ops_H -#define __libcrux_ct_ops_H +#ifndef libcrux_ct_ops_H +#define libcrux_ct_ops_H + #if defined(__cplusplus) extern "C" { @@ -778,14 +1501,12 @@ extern "C" { /** Return 1 if `value` is not zero and 0 otherwise. */ -static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { +static KRML_NOINLINE uint8_t +libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; - uint16_t result = (((uint32_t)value0 | - (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & - 0xFFFFU) >> - 8U & - 1U; - return (uint8_t)result; + uint8_t result = + (uint8_t)((uint32_t)core_num__u16__wrapping_add(~value0, 1U) >> 8U); + return (uint32_t)result & 1U; } static KRML_NOINLINE uint8_t @@ -797,14 +1518,15 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { Return 1 if the bytes of `lhs` and `rhs` do not exactly match and 0 otherwise. */ -static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( +static KRML_NOINLINE uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; - r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + uint8_t nr = (uint32_t)r | + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + r = nr; } return libcrux_ml_kem_constant_time_ops_is_non_zero(r); } @@ -819,19 +1541,21 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( If `selector` is not zero, return the bytes in `rhs`; return the bytes in `lhs` otherwise. */ -static inline void libcrux_ml_kem_constant_time_ops_select_ct( +static KRML_NOINLINE void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { - uint8_t mask = core_num__u8_6__wrapping_sub( + uint8_t mask = core_num__u8__wrapping_sub( libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); uint8_t out[32U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & - (uint32_t)~mask); + uint8_t outi = + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); + out[i0] = outi; } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -843,7 +1567,7 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( libcrux_ml_kem_constant_time_ops_select_ct(lhs, rhs, selector, ret); } -static inline void +static KRML_NOINLINE void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s, Eurydice_slice rhs_s, uint8_t ret[32U]) { @@ -860,186 +1584,142 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_con } #endif -#define __libcrux_ct_ops_H_DEFINED -#endif +#define libcrux_ct_ops_H_DEFINED +#endif /* libcrux_ct_ops_H */ -/* from libcrux/libcrux-ml-kem/cg/libcrux_sha3_portable.h */ +/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_sha3_portable.h */ /* - * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 + * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 + * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b + * F*: 71d8221589d4d438af3706d89cb653cf53e18aab + * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ -#ifndef __libcrux_sha3_portable_H -#define __libcrux_sha3_portable_H +#ifndef libcrux_sha3_portable_H +#define libcrux_sha3_portable_H + #if defined(__cplusplus) extern "C" { #endif -static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { - 1ULL, - 32898ULL, - 9223372036854808714ULL, - 9223372039002292224ULL, - 32907ULL, - 2147483649ULL, - 9223372039002292353ULL, - 9223372036854808585ULL, - 138ULL, - 136ULL, - 2147516425ULL, - 2147483658ULL, - 2147516555ULL, - 9223372036854775947ULL, - 9223372036854808713ULL, - 9223372036854808579ULL, - 9223372036854808578ULL, - 9223372036854775936ULL, - 32778ULL, - 9223372039002259466ULL, - 9223372039002292353ULL, - 9223372036854808704ULL, - 2147483649ULL, - 9223372039002292232ULL}; - /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ -static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_zero_5a(void) { +static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_zero_d2(void) { return 0ULL; } -static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__veor5q_u64( +static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__veor5q_u64( uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { - uint64_t ab = a ^ b; - uint64_t cd = c ^ d; - uint64_t abcd = ab ^ cd; - return abcd ^ e; + return (((a ^ b) ^ c) ^ d) ^ e; } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ -static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_xor5_5a( +static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor5_d2( uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { - return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); + return libcrux_sha3_simd_portable__veor5q_u64(a, b, c, d, e); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 1 - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { - return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +libcrux_sha3_simd_portable_rotate_left_76(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)1); } static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { +libcrux_sha3_simd_portable__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); + return uu____0 ^ libcrux_sha3_simd_portable_rotate_left_76(b); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +libcrux_sha3_simd_portable_rotate_left1_and_xor_d2(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vrax1q_u64(a, b); } static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) { +libcrux_sha3_simd_portable__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) { return a ^ (b & ~c); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ -static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_and_not_xor_5a( - uint64_t a, uint64_t b, uint64_t c) { - return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_and_not_xor_d2(uint64_t a, uint64_t b, uint64_t c) { + return libcrux_sha3_simd_portable__vbcaxq_u64(a, b, c); } static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) { +libcrux_sha3_simd_portable__veorq_n_u64(uint64_t a, uint64_t c) { return a ^ c; } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_constant_5a(uint64_t a, uint64_t c) { - return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +libcrux_sha3_simd_portable_xor_constant_d2(uint64_t a, uint64_t c) { + return libcrux_sha3_simd_portable__veorq_n_u64(a, c); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { +static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_d2(uint64_t a, + uint64_t b) { return a ^ b; } -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); -} +static const uint64_t + libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[24U] = { + 1ULL, + 32898ULL, + 9223372036854808714ULL, + 9223372039002292224ULL, + 32907ULL, + 2147483649ULL, + 9223372039002292353ULL, + 9223372036854808585ULL, + 138ULL, + 136ULL, + 2147516425ULL, + 2147483658ULL, + 2147516555ULL, + 9223372036854775947ULL, + 9223372036854808713ULL, + 9223372036854808579ULL, + 9223372036854808578ULL, + 9223372036854775936ULL, + 32778ULL, + 9223372039002259466ULL, + 9223372039002292353ULL, + 9223372036854808704ULL, + 2147483649ULL, + 9223372039002292232ULL}; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( - Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[1U]; - memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], - size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( - out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_1size_t__x2 lit; - lit.fst[0U] = out00; - lit.snd[0U] = out01; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 -libcrux_sha3_portable_keccak_split_at_mut_n_5a(Eurydice_slice a[1U], - size_t mid) { - return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); -} +typedef struct size_t_x2_s { + size_t fst; + size_t snd; +} size_t_x2; /** A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState @@ -1047,2072 +1727,2128 @@ with types uint64_t with const generics - $1size_t */ -typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { - uint64_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_48; +typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s { + uint64_t st[25U]; +} libcrux_sha3_generic_keccak_KeccakState_17; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_80 with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f4(void) { - libcrux_sha3_generic_keccak_KeccakState_48 lit; - lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[0U][2U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[0U][3U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[0U][4U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[1U][0U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[1U][1U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[1U][2U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[1U][3U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[1U][4U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[2U][0U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[2U][1U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[2U][2U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[2U][3U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[2U][4U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[3U][0U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[3U][1U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[3U][2U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[3U][3U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[3U][4U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[4U][0U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[4U][1U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[4U][2U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[4U][3U] = libcrux_sha3_portable_keccak_zero_5a(); - lit.st[4U][4U] = libcrux_sha3_portable_keccak_zero_5a(); +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 +libcrux_sha3_generic_keccak_new_80_04(void) { + libcrux_sha3_generic_keccak_KeccakState_17 lit; + uint64_t repeat_expression[25U]; + for (size_t i = (size_t)0U; i < (size_t)25U; i++) { + repeat_expression[i] = libcrux_sha3_simd_portable_zero_d2(); + } + memcpy(lit.st, repeat_expression, (size_t)25U * sizeof(uint64_t)); return lit; } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.traits.get_ij +with types uint64_t +with const generics +- N= 1 +*/ +static KRML_MUSTINLINE uint64_t *libcrux_sha3_traits_get_ij_04(uint64_t *arr, + size_t i, + size_t j) { + return &arr[(size_t)5U * j + i]; +} + +/** +A monomorphic instance of libcrux_sha3.traits.set_ij +with types uint64_t +with const generics +- N= 1 +*/ +static KRML_MUSTINLINE void libcrux_sha3_traits_set_ij_04(uint64_t *arr, + size_t i, size_t j, + uint64_t value) { + arr[(size_t)5U * j + i] = value; +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_f8( + uint64_t *state, Eurydice_slice blocks, size_t start) { + uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; + size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; - Result_56 dst; + Result_15 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, + uint8_t *), + Eurydice_slice, uint8_t[8U], TryFromSliceError); + unwrap_26_68(dst, uu____0); + state_flat[i0] = core_num__u64__from_le_bytes(uu____0); + } + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { + size_t i0 = i; + libcrux_sha3_traits_set_ij_04( + state, i0 / (size_t)5U, i0 % (size_t)5U, + libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, + i0 % (size_t)5U)[0U] ^ + state_flat[i0]); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); +static inline void libcrux_sha3_simd_portable_load_block_a1_f8( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start) { + libcrux_sha3_simd_portable_load_block_f8(self->st, input[0U], start); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { - return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { - return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { - return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { - return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { - return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { - return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { - return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { - return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { - return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { - return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { - return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { - return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { - return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { - return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { - return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { - return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { - return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 21 -- RIGHT= 43 +This function found in impl {core::ops::index::Index<(usize, usize), T> for +libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { - return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { - return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); -} - /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { - return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { - return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { - return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { - return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64 +A monomorphic instance of libcrux_sha3.generic_keccak.index_c2 +with types uint64_t with const generics -- LEFT= 14 -- RIGHT= 50 +- N= 1 */ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); +static inline uint64_t *libcrux_sha3_generic_keccak_index_c2_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t_x2 index) { + return libcrux_sha3_traits_get_ij_04(self->st, index.fst, index.snd); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a -with const generics -- LEFT= 14 -- RIGHT= 50 +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ -static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); -} - /** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +A monomorphic instance of libcrux_sha3.generic_keccak.theta_80 with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_80_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t ret[5U]) { uint64_t c[5U] = { - libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - uint64_t uu____0 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a( + libcrux_sha3_simd_portable_xor5_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)0U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)0U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)0U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)0U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)0U}))[0U]), + libcrux_sha3_simd_portable_xor5_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)1U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)1U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)1U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)1U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)1U}))[0U]), + libcrux_sha3_simd_portable_xor5_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)2U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)2U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)2U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)2U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)2U}))[0U]), + libcrux_sha3_simd_portable_xor5_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)3U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)3U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)3U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)3U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)3U}))[0U]), + libcrux_sha3_simd_portable_xor5_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)4U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)4U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)4U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)4U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)4U}))[0U])}; + uint64_t uu____0 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t uu____1 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a( + uint64_t uu____1 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t uu____2 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a( + uint64_t uu____2 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t uu____3 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a( + uint64_t uu____3 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t t[5U] = {uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); - uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = uu____3; + ret[4U] = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.set_80 with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { - uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi +static inline void libcrux_sha3_generic_keccak_set_80_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i, size_t j, + uint64_t v) { + libcrux_sha3_traits_set_ij_04(self->st, i, j, v); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_02(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)36); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_02(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_02(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_02(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_02(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_ac(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)3); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_ac(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_ac(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_ac(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_ac(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_020(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)41); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_020(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_020(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_020(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_020(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_a9(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)18); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_a9(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_a9(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_a9(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_a9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_76(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_76(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_76(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_76(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_58(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)44); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_58(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_58(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_58(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_58(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_e0(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)10); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_e0(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_e0(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_e0(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_e0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_63(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)45); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_63(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_63(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_63(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_63(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_6a(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)2); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_6a(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_6a(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_6a(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_6a(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_ab(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)62); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_ab(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_ab(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_ab(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_ab(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_5b(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)6); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_5b(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_5b(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_5b(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_5b(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_6f(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)43); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_6f(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_6f(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_6f(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_6f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_62(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)15); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_62(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_62(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_62(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_62(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_23(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)61); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_23(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_23(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_23(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_23(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_37(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)28); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_37(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_37(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_37(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_37(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_bb(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)55); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_bb(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_bb(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_b9(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)25); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_b9(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_b9(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_b9(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_b9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_54(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)21); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_54(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_54(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_54(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_54(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_4c(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)56); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_4c(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_4c(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_4c(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_4c(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_ce(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)27); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_ce(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_ce(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_ce(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_ce(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_77(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)20); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_77(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_77(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_77(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_77(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_25(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)39); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_25(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_25(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_25(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_25(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_af(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)8); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_af(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_af(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_af(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_af(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_rotate_left_fd(uint64_t x) { + return core_num__u64__rotate_left(x, (uint32_t)(int32_t)14); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable__vxarq_u64_fd(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable_rotate_left_fd(a ^ b); +} + +/** +This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64_t +libcrux_sha3_simd_portable_xor_and_rotate_d2_fd(uint64_t a, uint64_t b) { + return libcrux_sha3_simd_portable__vxarq_u64_fd(a, b); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.rho_80 +with types uint64_t +with const generics +- N= 1 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_rho_80_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t t[5U]) { + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)0U, (size_t)0U, + libcrux_sha3_simd_portable_xor_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)0U}))[0U], + t[0U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____0, (size_t)1U, (size_t)0U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_02( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)0U}))[0U], + t[0U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____1 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____1, (size_t)2U, (size_t)0U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_ac( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)0U}))[0U], + t[0U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____2, (size_t)3U, (size_t)0U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_020( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)0U}))[0U], + t[0U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____3 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____3, (size_t)4U, (size_t)0U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_a9( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)0U}))[0U], + t[0U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____4 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____4, (size_t)0U, (size_t)1U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_76( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)1U}))[0U], + t[1U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____5 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____5, (size_t)1U, (size_t)1U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_58( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)1U}))[0U], + t[1U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____6 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____6, (size_t)2U, (size_t)1U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_e0( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)1U}))[0U], + t[1U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____7 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____7, (size_t)3U, (size_t)1U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_63( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)1U}))[0U], + t[1U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____8 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____8, (size_t)4U, (size_t)1U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_6a( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)1U}))[0U], + t[1U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____9 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____9, (size_t)0U, (size_t)2U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_ab( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)2U}))[0U], + t[2U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____10 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____10, (size_t)1U, (size_t)2U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_5b( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)2U}))[0U], + t[2U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____11 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____11, (size_t)2U, (size_t)2U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_6f( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)2U}))[0U], + t[2U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____12 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____12, (size_t)3U, (size_t)2U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_62( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)2U}))[0U], + t[2U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____13 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____13, (size_t)4U, (size_t)2U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_23( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)2U}))[0U], + t[2U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____14 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____14, (size_t)0U, (size_t)3U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_37( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)3U}))[0U], + t[3U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____15 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____15, (size_t)1U, (size_t)3U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_bb( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)3U}))[0U], + t[3U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____16 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____16, (size_t)2U, (size_t)3U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_b9( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)3U}))[0U], + t[3U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____17 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____17, (size_t)3U, (size_t)3U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_54( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)3U}))[0U], + t[3U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____18 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____18, (size_t)4U, (size_t)3U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_4c( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)3U}))[0U], + t[3U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____19 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____19, (size_t)0U, (size_t)4U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_ce( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)4U}))[0U], + t[4U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____20 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____20, (size_t)1U, (size_t)4U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_77( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)4U}))[0U], + t[4U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____21 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____21, (size_t)2U, (size_t)4U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_25( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)4U}))[0U], + t[4U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____22 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____22, (size_t)3U, (size_t)4U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_af( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)4U}))[0U], + t[4U])); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____23 = self; + libcrux_sha3_generic_keccak_set_80_04( + uu____23, (size_t)4U, (size_t)4U, + libcrux_sha3_simd_portable_xor_and_rotate_d2_fd( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)4U}))[0U], + t[4U])); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi_80 +with types uint64_t +with const generics +- N= 1 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_80_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self) { + libcrux_sha3_generic_keccak_KeccakState_17 old = self[0U]; + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)1U, (size_t)0U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)3U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)2U, (size_t)0U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)1U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)3U, (size_t)0U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)4U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)4U, (size_t)0U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)2U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)0U, (size_t)1U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)1U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)1U, (size_t)1U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)4U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)2U, (size_t)1U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)2U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)3U, (size_t)1U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)0U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)4U, (size_t)1U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, + .snd = (size_t)3U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)0U, (size_t)2U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)2U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)1U, (size_t)2U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)0U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)2U, (size_t)2U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)3U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)3U, (size_t)2U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)1U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)4U, (size_t)2U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, + .snd = (size_t)4U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)0U, (size_t)3U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)3U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)1U, (size_t)3U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)1U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)2U, (size_t)3U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)4U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)3U, (size_t)3U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)2U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)4U, (size_t)3U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, + .snd = (size_t)0U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)0U, (size_t)4U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)4U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)1U, (size_t)4U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)2U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)2U, (size_t)4U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)0U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)3U, (size_t)4U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)3U}))[0U]); + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)4U, (size_t)4U, + libcrux_sha3_generic_keccak_index_c2_04( + &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, + .snd = (size_t)1U}))[0U]); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi_80 with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { - uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_80_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self) { + libcrux_sha3_generic_keccak_KeccakState_17 old = self[0U]; for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)5U; i++) { size_t j = i; - s->st[i1][j] = libcrux_sha3_portable_keccak_and_not_xor_5a( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); + libcrux_sha3_generic_keccak_set_80_04( + self, i1, j, + libcrux_sha3_simd_portable_and_not_xor_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = i1, .snd = j}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + &old, + (KRML_CLITERAL(size_t_x2){ + .fst = i1, .snd = (j + (size_t)2U) % (size_t)5U}))[0U], + libcrux_sha3_generic_keccak_index_c2_04( + &old, + (KRML_CLITERAL(size_t_x2){ + .fst = i1, .snd = (j + (size_t)1U) % (size_t)5U}))[0U])); } } } /** -A monomorphic instance of libcrux_sha3.generic_keccak.iota +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota_80 with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( - libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_80_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i) { + libcrux_sha3_generic_keccak_set_80_04( + self, (size_t)0U, (size_t)0U, + libcrux_sha3_simd_portable_xor_constant_d2( + libcrux_sha3_generic_keccak_index_c2_04( + self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, + .snd = (size_t)0U}))[0U], + libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[i])); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600_80 with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_80_04( + libcrux_sha3_generic_keccak_KeccakState_17 *self) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_16(s); - libcrux_sha3_generic_keccak_pi_1d(s); - libcrux_sha3_generic_keccak_chi_12(s); - libcrux_sha3_generic_keccak_iota_62(s, i0); + uint64_t t[5U]; + libcrux_sha3_generic_keccak_theta_80_04(self, t); + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = self; + uint64_t uu____1[5U]; + memcpy(uu____1, t, (size_t)5U * sizeof(uint64_t)); + libcrux_sha3_generic_keccak_rho_80_04(uu____0, uu____1); + libcrux_sha3_generic_keccak_pi_80_04(self); + libcrux_sha3_generic_keccak_chi_80_04(self); + libcrux_sha3_generic_keccak_iota_80_04(self, i0); } } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80 with types uint64_t with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks, + size_t start) { + libcrux_sha3_simd_portable_load_block_a1_f8(self, blocks, start); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +A monomorphic instance of libcrux_sha3.simd.portable.load_last with const generics - RATE= 72 +- DELIMITER= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_96( + uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { + uint8_t buffer[72U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), + Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); + buffer[len] = 6U; + size_t uu____0 = (size_t)72U - (size_t)1U; + buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; + libcrux_sha3_simd_portable_load_block_f8( + state, Eurydice_array_to_slice((size_t)72U, buffer, uint8_t), (size_t)0U); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 with const generics - RATE= 72 +- DELIMITER= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b); +static inline void libcrux_sha3_simd_portable_load_last_a1_96( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_96(self->st, input[0U], start, len); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 with types uint64_t with const generics - N= 1 - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_a1_96(self, last, start, len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.portable.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_f8( + uint64_t *s, Eurydice_slice out, size_t start, size_t len) { + size_t octets = len / (size_t)8U; + for (size_t i = (size_t)0U; i < octets; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice3( + out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, + uint8_t *); uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 72 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c5( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); + size_t remaining = len % (size_t)8U; + if (remaining > (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice3( + out, start + len - remaining, start + len, uint8_t *); + uint8_t ret[8U]; + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, + octets % (size_t)5U)[0U], + ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + uu____1, + Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), uint8_t); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Squeeze1 for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); - } +static inline void libcrux_sha3_simd_portable_squeeze_13_f8( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, + size_t start, size_t len) { + libcrux_sha3_simd_portable_store_block_f8(self->st, out, start, len); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics -- N= 1 - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { +static inline void libcrux_sha3_generic_keccak_portable_keccak1_96( + Eurydice_slice data, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_80_04(); + size_t data_len = Eurydice_slice_len(data, uint8_t); + for (size_t i = (size_t)0U; i < data_len / (size_t)72U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, - (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_block_80_c6(&s, buf, i0 * (size_t)72U); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + size_t rem = data_len % (size_t)72U; + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_final_80_9e(&s, buf, data_len - rem, rem); + size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(&s, out); + libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, (size_t)0U, outlen); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)72U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, (size_t)0U, (size_t)72U); + for (size_t i = (size_t)1U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, i0 * (size_t)72U, + (size_t)72U); } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, last, outlen - last); } } } -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out); -} - /** A portable SHA3 512 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce(buf0, buf); + libcrux_sha3_generic_keccak_portable_keccak1_96(data, digest); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_5b( + uint64_t *state, Eurydice_slice blocks, size_t start) { + uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; + size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; - Result_56 dst; + Result_15 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, + uint8_t *), + Eurydice_slice, uint8_t[8U], TryFromSliceError); + unwrap_26_68(dst, uu____0); + state_flat[i0] = core_num__u64__from_le_bytes(uu____0); } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + libcrux_sha3_traits_set_ij_04( + state, i0 / (size_t)5U, i0 % (size_t)5U, + libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, + i0 % (size_t)5U)[0U] ^ + state_flat[i0]); + } +} + +/** +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 +with const generics +- RATE= 136 +*/ +static inline void libcrux_sha3_simd_portable_load_block_a1_5b( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start) { + libcrux_sha3_simd_portable_load_block_5b(self->st, input[0U], start); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80 +with types uint64_t +with const generics +- N= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c60( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks, + size_t start) { + libcrux_sha3_simd_portable_load_block_a1_5b(self, blocks, start); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_last +with const generics +- RATE= 136 +- DELIMITER= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad( + uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { + uint8_t buffer[136U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), + Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); + buffer[len] = 6U; + size_t uu____0 = (size_t)136U - (size_t)1U; + buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; + libcrux_sha3_simd_portable_load_block_5b( + state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t), + (size_t)0U); +} + +/** +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 +with const generics +- RATE= 136 +- DELIMITER= 6 +*/ +static inline void libcrux_sha3_simd_portable_load_last_a1_ad( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_ad(self->st, input[0U], start, len); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 +with types uint64_t +with const generics +- N= 1 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e0( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_a1_ad(self, last, start, len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_5b( + uint64_t *s, Eurydice_slice out, size_t start, size_t len) { + size_t octets = len / (size_t)8U; + for (size_t i = (size_t)0U; i < octets; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice3( + out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, + uint8_t *); uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 136 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); + size_t remaining = len % (size_t)8U; + if (remaining > (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice3( + out, start + len - remaining, start + len, uint8_t *); + uint8_t ret[8U]; + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, + octets % (size_t)5U)[0U], + ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + uu____1, + Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), uint8_t); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Squeeze1 for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); - } +static inline void libcrux_sha3_simd_portable_squeeze_13_5b( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, + size_t start, size_t len) { + libcrux_sha3_simd_portable_store_block_5b(self->st, out, start, len); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics -- N= 1 - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { +static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad( + Eurydice_slice data, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_80_04(); + size_t data_len = Eurydice_slice_len(data, uint8_t); + for (size_t i = (size_t)0U; i < data_len / (size_t)136U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, - (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_block_80_c60(&s, buf, i0 * (size_t)136U); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + size_t rem = data_len % (size_t)136U; + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_final_80_9e0(&s, buf, data_len - rem, rem); + size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, outlen); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, (size_t)136U); + for (size_t i = (size_t)1U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, i0 * (size_t)136U, + (size_t)136U); } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, last, outlen - last); } } } -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out); -} - /** A portable SHA3 256 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce0(buf0, buf); + libcrux_sha3_generic_keccak_portable_keccak1_ad(data, digest); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +A monomorphic instance of libcrux_sha3.simd.portable.load_last +with const generics +- RATE= 136 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad0( + uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { + uint8_t buffer[136U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), + Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); + buffer[len] = 31U; + size_t uu____0 = (size_t)136U - (size_t)1U; + buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; + libcrux_sha3_simd_portable_load_block_5b( + state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t), + (size_t)0U); +} + +/** +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 +with const generics +- RATE= 136 +- DELIMITER= 31 +*/ +static inline void libcrux_sha3_simd_portable_load_last_a1_ad0( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_ad0(self->st, input[0U], start, len); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 with types uint64_t with const generics - N= 1 - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e1( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_a1_ad0(self, last, start, len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics -- N= 1 - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { +static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad0( + Eurydice_slice data, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_80_04(); + size_t data_len = Eurydice_slice_len(data, uint8_t); + for (size_t i = (size_t)0U; i < data_len / (size_t)136U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, - (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_block_80_c60(&s, buf, i0 * (size_t)136U); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + size_t rem = data_len % (size_t)136U; + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_final_80_9e1(&s, buf, data_len - rem, rem); + size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, outlen); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, (size_t)136U); + for (size_t i = (size_t)1U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, i0 * (size_t)136U, + (size_t)136U); } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, last, outlen - last); } } } -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out); -} - /** A portable SHAKE256 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce1(buf0, buf); + libcrux_sha3_generic_keccak_portable_keccak1_ad0(data, digest); } -typedef libcrux_sha3_generic_keccak_KeccakState_48 +typedef libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_KeccakState; /** Create a new SHAKE-128 state object. */ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f4(); + return libcrux_sha3_generic_keccak_new_80_04(); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_3a( + uint64_t *state, Eurydice_slice blocks, size_t start) { + uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; + size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; - Result_56 dst; + Result_15 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, + uint8_t *), + Eurydice_slice, uint8_t[8U], TryFromSliceError); + unwrap_26_68(dst, uu____0); + state_flat[i0] = core_num__u64__from_le_bytes(uu____0); + } + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + libcrux_sha3_traits_set_ij_04( + state, i0 / (size_t)5U, i0 % (size_t)5U, + libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, + i0 % (size_t)5U)[0U] ^ + state_flat[i0]); } } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +A monomorphic instance of libcrux_sha3.simd.portable.load_last with const generics - RATE= 168 +- DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c1(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_c6( + uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { + uint8_t buffer[168U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), + Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); + buffer[len] = 31U; + size_t uu____0 = (size_t)168U - (size_t)1U; + buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; + libcrux_sha3_simd_portable_load_block_3a( + state, Eurydice_array_to_slice((size_t)168U, buffer, uint8_t), + (size_t)0U); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 with const generics - RATE= 168 +- DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b); +static inline void libcrux_sha3_simd_portable_load_last_a1_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_c6(self->st, input[0U], start, len); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 with types uint64_t with const generics - N= 1 - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e2( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_a1_c6(self, last, start, len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** @@ -3120,103 +3856,88 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_c72(s, buf); + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) { + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = s; + Eurydice_slice uu____1[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_80_9e2( + uu____0, uu____1, (size_t)0U, Eurydice_slice_len(data0, uint8_t)); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.portable.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_3a( + uint64_t *s, Eurydice_slice out, size_t start, size_t len) { + size_t octets = len / (size_t)8U; + for (size_t i = (size_t)0U; i < octets; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice3( + out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, + uint8_t *); uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } + size_t remaining = len % (size_t)8U; + if (remaining > (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice3( + out, start + len - remaining, start + len, uint8_t *); + uint8_t ret[8U]; + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, + octets % (size_t)5U)[0U], + ret); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), + uint8_t); + } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Squeeze1 for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); +static inline void libcrux_sha3_simd_portable_squeeze_13_3a( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, + size_t start, size_t len) { + libcrux_sha3_simd_portable_store_block_3a(self->st, out, start, len); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); -} - -/** - Squeeze another block -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); -} - /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t -with const generics -- N= 1 +A monomorphic instance of +libcrux_sha3.generic_keccak.portable.squeeze_first_three_blocks_b4 with const +generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); +libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) { + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)0U, (size_t)168U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)168U, + (size_t)168U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)2U * (size_t)168U, + (size_t)168U); } /** @@ -3224,39 +3945,71 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { + libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a(s, + out0); } -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of +libcrux_sha3.generic_keccak.portable.squeeze_next_block_b4 with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, + size_t start) { + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, start, (size_t)168U); +} + +/** + Squeeze another block +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { + libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a(s, out0, + (size_t)0U); +} + +#define libcrux_sha3_Algorithm_Sha224 1 +#define libcrux_sha3_Algorithm_Sha256 2 +#define libcrux_sha3_Algorithm_Sha384 3 +#define libcrux_sha3_Algorithm_Sha512 4 typedef uint8_t libcrux_sha3_Algorithm; +typedef uint8_t libcrux_sha3_Sha3_224Digest[28U]; + +typedef uint8_t libcrux_sha3_Sha3_256Digest[32U]; + +typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; + +typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; + /** Returns the output size of a digest. */ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; switch (mode) { - case libcrux_sha3_Sha224: { - uu____0 = (size_t)28U; + case libcrux_sha3_Algorithm_Sha224: { break; } - case libcrux_sha3_Sha256: { - uu____0 = (size_t)32U; - break; + case libcrux_sha3_Algorithm_Sha256: { + return (size_t)32U; } - case libcrux_sha3_Sha384: { - uu____0 = (size_t)48U; - break; + case libcrux_sha3_Algorithm_Sha384: { + return (size_t)48U; } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; + case libcrux_sha3_Algorithm_Sha512: { + return (size_t)64U; } default: { KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, @@ -3264,725 +4017,453 @@ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { KRML_HOST_EXIT(253U); } } - return uu____0; + return (size_t)28U; } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_2c( + uint64_t *state, Eurydice_slice blocks, size_t start) { + uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; + size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; - Result_56 dst; + Result_15 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, + uint8_t *), + Eurydice_slice, uint8_t[8U], TryFromSliceError); + unwrap_26_68(dst, uu____0); + state_flat[i0] = core_num__u64__from_le_bytes(uu____0); } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + libcrux_sha3_traits_set_ij_04( + state, i0 / (size_t)5U, i0 % (size_t)5U, + libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, + i0 % (size_t)5U)[0U] ^ + state_flat[i0]); + } +} + +/** +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 +with const generics +- RATE= 144 +*/ +static inline void libcrux_sha3_simd_portable_load_block_a1_2c( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start) { + libcrux_sha3_simd_portable_load_block_2c(self->st, input[0U], start); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80 +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c61( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks, + size_t start) { + libcrux_sha3_simd_portable_load_block_a1_2c(self, blocks, start); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_last +with const generics +- RATE= 144 +- DELIMITER= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_1e( + uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { + uint8_t buffer[144U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), + Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); + buffer[len] = 6U; + size_t uu____0 = (size_t)144U - (size_t)1U; + buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; + libcrux_sha3_simd_portable_load_block_2c( + state, Eurydice_array_to_slice((size_t)144U, buffer, uint8_t), + (size_t)0U); +} + +/** +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 +with const generics +- RATE= 144 +- DELIMITER= 6 +*/ +static inline void libcrux_sha3_simd_portable_load_last_a1_1e( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_1e(self->st, input[0U], start, len); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e3( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_a1_1e(self, last, start, len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_2c( + uint64_t *s, Eurydice_slice out, size_t start, size_t len) { + size_t octets = len / (size_t)8U; + for (size_t i = (size_t)0U; i < octets; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice3( + out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, + uint8_t *); uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); + size_t remaining = len % (size_t)8U; + if (remaining > (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice3( + out, start + len - remaining, start + len, uint8_t *); + uint8_t ret[8U]; + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, + octets % (size_t)5U)[0U], + ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + uu____1, + Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), uint8_t); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Squeeze1 for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); - } +static inline void libcrux_sha3_simd_portable_squeeze_13_2c( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, + size_t start, size_t len) { + libcrux_sha3_simd_portable_store_block_2c(self->st, out, start, len); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics -- N= 1 - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { +static inline void libcrux_sha3_generic_keccak_portable_keccak1_1e( + Eurydice_slice data, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_80_04(); + size_t data_len = Eurydice_slice_len(data, uint8_t); + for (size_t i = (size_t)0U; i < data_len / (size_t)144U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_block_80_c61(&s, buf, i0 * (size_t)144U); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + size_t rem = data_len % (size_t)144U; + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_final_80_9e3(&s, buf, data_len - rem, rem); + size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); + libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, (size_t)0U, outlen); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, (size_t)0U, (size_t)144U); + for (size_t i = (size_t)1U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, i0 * (size_t)144U, + (size_t)144U); } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, last, outlen - last); } } } -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out); -} - /** A portable SHA3 224 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce2(buf0, buf); + libcrux_sha3_generic_keccak_portable_keccak1_1e(data, digest); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_7a( + uint64_t *state, Eurydice_slice blocks, size_t start) { + uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; + size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; - Result_56 dst; + Result_15 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, + uint8_t *), + Eurydice_slice, uint8_t[8U], TryFromSliceError); + unwrap_26_68(dst, uu____0); + state_flat[i0] = core_num__u64__from_le_bytes(uu____0); } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_2c3(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_21(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + libcrux_sha3_traits_set_ij_04( + state, i0 / (size_t)5U, i0 % (size_t)5U, + libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, + i0 % (size_t)5U)[0U] ^ + state_flat[i0]); + } +} + +/** +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 +with const generics +- RATE= 104 +*/ +static inline void libcrux_sha3_simd_portable_load_block_a1_7a( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start) { + libcrux_sha3_simd_portable_load_block_7a(self->st, input[0U], start); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80 +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c62( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks, + size_t start) { + libcrux_sha3_simd_portable_load_block_a1_7a(self, blocks, start); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_last +with const generics +- RATE= 104 +- DELIMITER= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_7c( + uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { + uint8_t buffer[104U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), + Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); + buffer[len] = 6U; + size_t uu____0 = (size_t)104U - (size_t)1U; + buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; + libcrux_sha3_simd_portable_load_block_7a( + state, Eurydice_array_to_slice((size_t)104U, buffer, uint8_t), + (size_t)0U); +} + +/** +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 +with const generics +- RATE= 104 +- DELIMITER= 6 +*/ +static inline void libcrux_sha3_simd_portable_load_last_a1_7c( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_7c(self->st, input[0U], start, len); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e4( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, + size_t start, size_t len) { + libcrux_sha3_simd_portable_load_last_a1_7c(self, last, start, len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); +} + +/** +A monomorphic instance of libcrux_sha3.simd.portable.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_7a( + uint64_t *s, Eurydice_slice out, size_t start, size_t len) { + size_t octets = len / (size_t)8U; + for (size_t i = (size_t)0U; i < octets; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice3( + out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, + uint8_t *); uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); + size_t remaining = len % (size_t)8U; + if (remaining > (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice3( + out, start + len - remaining, start + len, uint8_t *); + uint8_t ret[8U]; + core_num__u64__to_le_bytes( + libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, + octets % (size_t)5U)[0U], + ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + uu____1, + Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), uint8_t); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Squeeze1 for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(s); - libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); - } +static inline void libcrux_sha3_simd_portable_squeeze_13_7a( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, + size_t start, size_t len) { + libcrux_sha3_simd_portable_store_block_7a(self->st, out, start, len); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics -- N= 1 - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { +static inline void libcrux_sha3_generic_keccak_portable_keccak1_7c( + Eurydice_slice data, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_80_04(); + size_t data_len = Eurydice_slice_len(data, uint8_t); + for (size_t i = (size_t)0U; i < data_len / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_block_80_c62(&s, buf, i0 * (size_t)104U); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + size_t rem = data_len % (size_t)104U; + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_final_80_9e4(&s, buf, data_len - rem, rem); + size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); + libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, (size_t)0U, outlen); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, (size_t)0U, (size_t)104U); + for (size_t i = (size_t)1U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, i0 * (size_t)104U, + (size_t)104U); } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, last, outlen - last); } } } -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out); -} - /** A portable SHA3 384 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce3(buf0, buf); + libcrux_sha3_generic_keccak_portable_keccak1_7c(data, digest); } /** @@ -3991,16 +4472,15 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Preconditions: - `digest.len() == 28` */ -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { +static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } /** SHA3 224 */ -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { +static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), data); @@ -4010,16 +4490,15 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, /** SHA3 256 */ -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { +static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } /** SHA3 256 */ -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { +static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), data); @@ -4029,16 +4508,15 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, /** SHA3 384 */ -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { +static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } /** SHA3 384 */ -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { +static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), data); @@ -4048,16 +4526,15 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, /** SHA3 512 */ -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { +static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } /** SHA3 512 */ -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { +static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), data); @@ -4065,220 +4542,85 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {libcrux_sha3::traits::Absorb<1usize> for +libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b); +static inline void libcrux_sha3_simd_portable_load_block_a1_3a( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, + size_t start) { + libcrux_sha3_simd_portable_load_block_3a(self->st, input[0U], start); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_21(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- RATE= 168 +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); -} - /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80 with types uint64_t with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); - } +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c63( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks, + size_t start) { + libcrux_sha3_simd_portable_load_block_a1_3a(self, blocks, start); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_21(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f4(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { +static inline void libcrux_sha3_generic_keccak_portable_keccak1_c6( + Eurydice_slice data, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_80_04(); + size_t data_len = Eurydice_slice_len(data, uint8_t); + for (size_t i = (size_t)0U; i < data_len / (size_t)168U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_block_80_c63(&s, buf, i0 * (size_t)168U); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + size_t rem = data_len % (size_t)168U; + Eurydice_slice buf[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_final_80_9e2(&s, buf, data_len - rem, rem); + size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); + libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, (size_t)0U, outlen); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, (size_t)0U, (size_t)168U); + for (size_t i = (size_t)1U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, i0 * (size_t)168U, + (size_t)168U); } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); + libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, last, outlen - last); } } } -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out); -} - /** A portable SHAKE128 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_ce4(buf0, buf); + libcrux_sha3_generic_keccak_portable_keccak1_c6(data, digest); } /** @@ -4286,8 +4628,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Writes `out.len()` bytes. */ -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { +static inline void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } @@ -4296,170 +4638,39 @@ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Writes `out.len()` bytes. */ -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { +static inline void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); } -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - /** - A portable SHA3 224 implementation. +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} */ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - /** - A portable SHA3 256 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 384 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 512 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -/** - Initialise the `KeccakState2`. -*/ -static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, - Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types uint64_t -with const generics -- N= 1 +A monomorphic instance of +libcrux_sha3.generic_keccak.portable.squeeze_first_five_blocks_b4 with const +generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o20[1U]; - memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); - Eurydice_slice_uint8_t_1size_t__x2 uu____2 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); - Eurydice_slice o2[1U]; - memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o30[1U]; - memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); - Eurydice_slice_uint8_t_1size_t__x2 uu____3 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); - Eurydice_slice o3[1U]; - memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o4[1U]; - memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o4); +libcrux_sha3_generic_keccak_portable_squeeze_first_five_blocks_b4_3a( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) { + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)0U, (size_t)168U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)168U, + (size_t)168U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)2U * (size_t)168U, + (size_t)168U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)3U * (size_t)168U, + (size_t)168U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)4U * (size_t)168U, + (size_t)168U); } /** @@ -4467,9 +4678,8 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { + libcrux_sha3_generic_keccak_portable_squeeze_first_five_blocks_b4_3a(s, out0); } /** @@ -4477,17 +4687,36 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { - Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_c71(s, buf); + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data) { + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = s; + Eurydice_slice uu____1[1U] = {data}; + libcrux_sha3_generic_keccak_absorb_final_80_9e1( + uu____0, uu____1, (size_t)0U, Eurydice_slice_len(data, uint8_t)); } /** Create a new SHAKE-256 state object. */ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f4(); + return libcrux_sha3_generic_keccak_new_80_04(); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of +libcrux_sha3.generic_keccak.portable.squeeze_first_block_b4 with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_portable_squeeze_first_block_b4_5b( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) { + libcrux_sha3_simd_portable_squeeze_13_5b(self, out, (size_t)0U, (size_t)136U); } /** @@ -4495,9 +4724,27 @@ libcrux_sha3_portable_incremental_shake256_init(void) { */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { - Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) { + libcrux_sha3_generic_keccak_portable_squeeze_first_block_b4_5b(s, out); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, +libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for +u64}]} +*/ +/** +A monomorphic instance of +libcrux_sha3.generic_keccak.portable.squeeze_next_block_b4 with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_5b( + libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, + size_t start) { + libcrux_sha3_generic_keccak_keccakf1600_80_04(self); + libcrux_sha3_simd_portable_squeeze_13_5b(self, out, start, (size_t)136U); } /** @@ -4505,51 +4752,43 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { - Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) { + libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_5b(s, out, + (size_t)0U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +A monomorphic instance of libcrux_sha3.generic_keccak.xof.KeccakXofState with types uint64_t with const generics - $1size_t - $136size_t */ -typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { - libcrux_sha3_generic_keccak_KeccakState_48 inner; +typedef struct libcrux_sha3_generic_keccak_xof_KeccakXofState_e2_s { + libcrux_sha3_generic_keccak_KeccakState_17 inner; uint8_t buf[1U][136U]; size_t buf_len; bool sponge; -} libcrux_sha3_generic_keccak_KeccakXofState_4f; +} libcrux_sha3_generic_keccak_xof_KeccakXofState_e2; -typedef libcrux_sha3_generic_keccak_KeccakXofState_4f - libcrux_sha3_portable_incremental_Shake256Absorb; +typedef libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 + libcrux_sha3_portable_incremental_Shake256Xof; /** - Consume the internal buffer and the required amount of the input to pad to - `RATE`. - - Returns the `consumed` bytes from `inputs` if there's enough buffered - content to consume, and `0` otherwise. - If `consumed > 0` is returned, `self.buf` contains a full block to be - loaded. -*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.fill_buffer_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, - Eurydice_slice inputs[1U]) { +static inline size_t libcrux_sha3_generic_keccak_xof_fill_buffer_35_c6( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice *inputs) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { @@ -4558,10 +4797,12 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t); + (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t, + uint8_t[]); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t), + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t, + uint8_t[]), uint8_t); } self->buf_len = self->buf_len + consumed; @@ -4571,42 +4812,37 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( } /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_full_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, - Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs0[1U]; - memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); +static inline size_t libcrux_sha3_generic_keccak_xof_absorb_full_35_c6( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice *inputs) { size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_xof_fill_buffer_35_c6(self, inputs); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { uint8_t buf[136U] = {0U}; - borrowed[i] = core_array___Array_T__N__23__as_slice( - (size_t)136U, buf, uint8_t, Eurydice_slice); + borrowed[i] = core_array___Array_T__N___as_slice((size_t)136U, buf, + uint8_t, Eurydice_slice); } for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; borrowed[i0] = Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t); } - uint64_t(*uu____2)[5U] = self->inner.st; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_simd_portable_load_block_a1_5b(&self->inner, borrowed, + (size_t)0U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -4615,63 +4851,41 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( size_t remainder = input_to_consume % (size_t)136U; for (size_t i = (size_t)0U; i < num_blocks; i++) { size_t i0 = i; - uint64_t(*uu____4)[5U] = self->inner.st; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs[1U]; - memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_simd_portable_load_block_a1_5b( + &self->inner, inputs, input_consumed + i0 * (size_t)136U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); } return remainder; } /** - Absorb - - This function takes any number of bytes to absorb and buffers if it's not - enough. The function assumes that all input slices in `blocks` have the same - length. - - Only a multiple of `RATE` blocks are absorbed. - For the remaining bytes [`absorb_final`] needs to be called. - - This works best with relatively small `inputs`. +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, - Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs[1U]; - memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_35_c6( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice *inputs) { size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_xof_absorb_full_35_c6(self, inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, - uint8_t); - Eurydice_slice_copy( - uu____2, - Eurydice_slice_subslice_from( - inputs[i0], input_len - input_remainder_len, uint8_t, size_t), - uint8_t); + Eurydice_slice_copy(Eurydice_array_to_subslice3( + self->buf[i0], self->buf_len, + self->buf_len + input_remainder_len, uint8_t *), + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, + uint8_t, size_t, uint8_t[]), + uint8_t); } self->buf_len = self->buf_len + input_remainder_len; } @@ -4681,271 +4895,101 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( Shake256 absorb */ /** -This function found in impl -{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for -libcrux_sha3::portable::incremental::Shake256Absorb)#2} +This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize> +for libcrux_sha3::portable::incremental::Shake256Xof} */ -static inline void libcrux_sha3_portable_incremental_absorb_7d( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { +static inline void libcrux_sha3_portable_incremental_absorb_42( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); + libcrux_sha3_generic_keccak_xof_absorb_35_c6(self, buf); } -typedef libcrux_sha3_generic_keccak_KeccakXofState_4f - libcrux_sha3_portable_incremental_Shake256Squeeze; - /** - Absorb a final block. - - The `inputs` block may be empty. Everything in the `inputs` block beyond - `RATE` bytes is ignored. +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_final_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, - Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs[1U]; - memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); - size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); - size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_final_35_9e( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice *inputs) { + libcrux_sha3_generic_keccak_xof_absorb_35_c6(self, inputs); + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t buf[136U] = {0U}; + borrowed[i] = core_array___Array_T__N___as_slice((size_t)136U, buf, uint8_t, + Eurydice_slice); + } for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; - if (self->buf_len > (size_t)0U) { - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, self->buf_len, uint8_t); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, - self->buf_len, uint8_t), - uint8_t); - } - if (input_remainder_len > (size_t)0U) { - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - blocks[i0], self->buf_len, self->buf_len + input_remainder_len, - uint8_t); - Eurydice_slice_copy( - uu____3, - Eurydice_slice_subslice_from( - inputs[i0], input_len - input_remainder_len, uint8_t, size_t), - uint8_t); - } - blocks[i0][self->buf_len + input_remainder_len] = 31U; - size_t uu____4 = i0; - size_t uu____5 = (size_t)136U - (size_t)1U; - blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + borrowed[i0] = + Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t); } - uint64_t(*uu____6)[5U] = self->inner.st; - uint8_t uu____7[1U][200U]; - memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_simd_portable_load_last_a1_ad0(&self->inner, borrowed, + (size_t)0U, self->buf_len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); } /** Shake256 absorb final */ /** -This function found in impl -{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for -libcrux_sha3::portable::incremental::Shake256Absorb)#2} +This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize> +for libcrux_sha3::portable::incremental::Shake256Xof} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_portable_incremental_absorb_final_7d( - libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { +static inline void libcrux_sha3_portable_incremental_absorb_final_42( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); - return self; + libcrux_sha3_generic_keccak_xof_absorb_final_35_9e(self, buf); } /** - An all zero block +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.zero_block_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( +static inline void libcrux_sha3_generic_keccak_xof_zero_block_35_c6( uint8_t ret[136U]) { - ret[0U] = 0U; - ret[1U] = 0U; - ret[2U] = 0U; - ret[3U] = 0U; - ret[4U] = 0U; - ret[5U] = 0U; - ret[6U] = 0U; - ret[7U] = 0U; - ret[8U] = 0U; - ret[9U] = 0U; - ret[10U] = 0U; - ret[11U] = 0U; - ret[12U] = 0U; - ret[13U] = 0U; - ret[14U] = 0U; - ret[15U] = 0U; - ret[16U] = 0U; - ret[17U] = 0U; - ret[18U] = 0U; - ret[19U] = 0U; - ret[20U] = 0U; - ret[21U] = 0U; - ret[22U] = 0U; - ret[23U] = 0U; - ret[24U] = 0U; - ret[25U] = 0U; - ret[26U] = 0U; - ret[27U] = 0U; - ret[28U] = 0U; - ret[29U] = 0U; - ret[30U] = 0U; - ret[31U] = 0U; - ret[32U] = 0U; - ret[33U] = 0U; - ret[34U] = 0U; - ret[35U] = 0U; - ret[36U] = 0U; - ret[37U] = 0U; - ret[38U] = 0U; - ret[39U] = 0U; - ret[40U] = 0U; - ret[41U] = 0U; - ret[42U] = 0U; - ret[43U] = 0U; - ret[44U] = 0U; - ret[45U] = 0U; - ret[46U] = 0U; - ret[47U] = 0U; - ret[48U] = 0U; - ret[49U] = 0U; - ret[50U] = 0U; - ret[51U] = 0U; - ret[52U] = 0U; - ret[53U] = 0U; - ret[54U] = 0U; - ret[55U] = 0U; - ret[56U] = 0U; - ret[57U] = 0U; - ret[58U] = 0U; - ret[59U] = 0U; - ret[60U] = 0U; - ret[61U] = 0U; - ret[62U] = 0U; - ret[63U] = 0U; - ret[64U] = 0U; - ret[65U] = 0U; - ret[66U] = 0U; - ret[67U] = 0U; - ret[68U] = 0U; - ret[69U] = 0U; - ret[70U] = 0U; - ret[71U] = 0U; - ret[72U] = 0U; - ret[73U] = 0U; - ret[74U] = 0U; - ret[75U] = 0U; - ret[76U] = 0U; - ret[77U] = 0U; - ret[78U] = 0U; - ret[79U] = 0U; - ret[80U] = 0U; - ret[81U] = 0U; - ret[82U] = 0U; - ret[83U] = 0U; - ret[84U] = 0U; - ret[85U] = 0U; - ret[86U] = 0U; - ret[87U] = 0U; - ret[88U] = 0U; - ret[89U] = 0U; - ret[90U] = 0U; - ret[91U] = 0U; - ret[92U] = 0U; - ret[93U] = 0U; - ret[94U] = 0U; - ret[95U] = 0U; - ret[96U] = 0U; - ret[97U] = 0U; - ret[98U] = 0U; - ret[99U] = 0U; - ret[100U] = 0U; - ret[101U] = 0U; - ret[102U] = 0U; - ret[103U] = 0U; - ret[104U] = 0U; - ret[105U] = 0U; - ret[106U] = 0U; - ret[107U] = 0U; - ret[108U] = 0U; - ret[109U] = 0U; - ret[110U] = 0U; - ret[111U] = 0U; - ret[112U] = 0U; - ret[113U] = 0U; - ret[114U] = 0U; - ret[115U] = 0U; - ret[116U] = 0U; - ret[117U] = 0U; - ret[118U] = 0U; - ret[119U] = 0U; - ret[120U] = 0U; - ret[121U] = 0U; - ret[122U] = 0U; - ret[123U] = 0U; - ret[124U] = 0U; - ret[125U] = 0U; - ret[126U] = 0U; - ret[127U] = 0U; - ret[128U] = 0U; - ret[129U] = 0U; - ret[130U] = 0U; - ret[131U] = 0U; - ret[132U] = 0U; - ret[133U] = 0U; - ret[134U] = 0U; - ret[135U] = 0U; + memset(ret, 0U, 136U * sizeof(uint8_t)); } /** - Generate a new keccak xof state. +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.new_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_7e(void) { - libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); - uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); - memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); +static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 +libcrux_sha3_generic_keccak_xof_new_35_c6(void) { + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 lit; + lit.inner = libcrux_sha3_generic_keccak_new_80_04(); + uint8_t repeat_expression[1U][136U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + libcrux_sha3_generic_keccak_xof_zero_block_35_c6(repeat_expression[i]); + } + memcpy(lit.buf, repeat_expression, (size_t)1U * sizeof(uint8_t[136U])); lit.buf_len = (size_t)0U; lit.sponge = false; return lit; @@ -4955,55 +4999,103 @@ libcrux_sha3_generic_keccak_new_9d_7e(void) { Shake256 new state */ /** +This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize> +for libcrux_sha3::portable::incremental::Shake256Xof} +*/ +static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 +libcrux_sha3_portable_incremental_new_42(void) { + return libcrux_sha3_generic_keccak_xof_new_35_c6(); +} + +/** + Squeeze `N` x `LEN` bytes. Only `N = 1` for now. +*/ +/** This function found in impl -{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for -libcrux_sha3::portable::incremental::Shake256Absorb)#2} +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_7e(); +/** +A monomorphic instance of libcrux_sha3.generic_keccak.xof.squeeze_85 +with types uint64_t +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_squeeze_85_c7( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice out) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); + } + size_t out_len = Eurydice_slice_len(out, uint8_t); + if (out_len > (size_t)0U) { + if (out_len <= (size_t)136U) { + libcrux_sha3_simd_portable_squeeze_13_5b(&self->inner, out, (size_t)0U, + out_len); + } else { + size_t blocks = out_len / (size_t)136U; + for (size_t i = (size_t)0U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); + libcrux_sha3_simd_portable_squeeze_13_5b( + &self->inner, out, i0 * (size_t)136U, (size_t)136U); + } + size_t remaining = out_len % (size_t)136U; + if (remaining > (size_t)0U) { + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); + libcrux_sha3_simd_portable_squeeze_13_5b( + &self->inner, out, blocks * (size_t)136U, remaining); + } + } + self->sponge = true; + } +} + +/** + Shake256 squeeze +*/ +/** +This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize> +for libcrux_sha3::portable::incremental::Shake256Xof} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_42( + libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self, + Eurydice_slice out) { + libcrux_sha3_generic_keccak_xof_squeeze_85_c7(self, out); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +A monomorphic instance of libcrux_sha3.generic_keccak.xof.KeccakXofState with types uint64_t with const generics - $1size_t - $168size_t */ -typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { - libcrux_sha3_generic_keccak_KeccakState_48 inner; +typedef struct libcrux_sha3_generic_keccak_xof_KeccakXofState_97_s { + libcrux_sha3_generic_keccak_KeccakState_17 inner; uint8_t buf[1U][168U]; size_t buf_len; bool sponge; -} libcrux_sha3_generic_keccak_KeccakXofState_78; +} libcrux_sha3_generic_keccak_xof_KeccakXofState_97; -typedef libcrux_sha3_generic_keccak_KeccakXofState_78 - libcrux_sha3_portable_incremental_Shake128Absorb; +typedef libcrux_sha3_generic_keccak_xof_KeccakXofState_97 + libcrux_sha3_portable_incremental_Shake128Xof; /** - Consume the internal buffer and the required amount of the input to pad to - `RATE`. - - Returns the `consumed` bytes from `inputs` if there's enough buffered - content to consume, and `0` otherwise. - If `consumed > 0` is returned, `self.buf` contains a full block to be - loaded. -*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.fill_buffer_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, - Eurydice_slice inputs[1U]) { +static inline size_t libcrux_sha3_generic_keccak_xof_fill_buffer_35_c60( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice *inputs) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { @@ -5012,10 +5104,12 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t); + (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t, + uint8_t[]); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t), + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t, + uint8_t[]), uint8_t); } self->buf_len = self->buf_len + consumed; @@ -5025,42 +5119,37 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( } /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_full_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, - Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs0[1U]; - memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); +static inline size_t libcrux_sha3_generic_keccak_xof_absorb_full_35_c60( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice *inputs) { size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_xof_fill_buffer_35_c60(self, inputs); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { uint8_t buf[168U] = {0U}; - borrowed[i] = core_array___Array_T__N__23__as_slice( - (size_t)168U, buf, uint8_t, Eurydice_slice); + borrowed[i] = core_array___Array_T__N___as_slice((size_t)168U, buf, + uint8_t, Eurydice_slice); } for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; borrowed[i0] = Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t); } - uint64_t(*uu____2)[5U] = self->inner.st; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_b83(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_simd_portable_load_block_a1_3a(&self->inner, borrowed, + (size_t)0U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -5069,648 +5158,237 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( size_t remainder = input_to_consume % (size_t)168U; for (size_t i = (size_t)0U; i < num_blocks; i++) { size_t i0 = i; - uint64_t(*uu____4)[5U] = self->inner.st; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs[1U]; - memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_portable_keccak_load_block_5a_b83(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_simd_portable_load_block_a1_3a( + &self->inner, inputs, input_consumed + i0 * (size_t)168U); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); } return remainder; } /** - Absorb - - This function takes any number of bytes to absorb and buffers if it's not - enough. The function assumes that all input slices in `blocks` have the same - length. - - Only a multiple of `RATE` blocks are absorbed. - For the remaining bytes [`absorb_final`] needs to be called. - - This works best with relatively small `inputs`. +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, - Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs[1U]; - memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_35_c60( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice *inputs) { size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_xof_absorb_full_35_c60(self, inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, - uint8_t); - Eurydice_slice_copy( - uu____2, - Eurydice_slice_subslice_from( - inputs[i0], input_len - input_remainder_len, uint8_t, size_t), - uint8_t); + Eurydice_slice_copy(Eurydice_array_to_subslice3( + self->buf[i0], self->buf_len, + self->buf_len + input_remainder_len, uint8_t *), + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, + uint8_t, size_t, uint8_t[]), + uint8_t); } self->buf_len = self->buf_len + input_remainder_len; } } /** -This function found in impl -{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for -libcrux_sha3::portable::incremental::Shake128Absorb)} +This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize> +for libcrux_sha3::portable::incremental::Shake128Xof} */ -static inline void libcrux_sha3_portable_incremental_absorb_1c( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { +static inline void libcrux_sha3_portable_incremental_absorb_26( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); + libcrux_sha3_generic_keccak_xof_absorb_35_c60(self, buf); } -typedef libcrux_sha3_generic_keccak_KeccakXofState_78 - libcrux_sha3_portable_incremental_Shake128Squeeze; - /** - Absorb a final block. - - The `inputs` block may be empty. Everything in the `inputs` block beyond - `RATE` bytes is ignored. +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_final_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, - Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_inputs[1U]; - memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); - size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); - size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); - uint8_t blocks[1U][200U] = {{0U}}; +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_final_35_9e0( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice *inputs) { + libcrux_sha3_generic_keccak_xof_absorb_35_c60(self, inputs); + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t buf[168U] = {0U}; + borrowed[i] = core_array___Array_T__N___as_slice((size_t)168U, buf, uint8_t, + Eurydice_slice); + } for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; - if (self->buf_len > (size_t)0U) { - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, self->buf_len, uint8_t); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, - self->buf_len, uint8_t), - uint8_t); - } - if (input_remainder_len > (size_t)0U) { - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - blocks[i0], self->buf_len, self->buf_len + input_remainder_len, - uint8_t); - Eurydice_slice_copy( - uu____3, - Eurydice_slice_subslice_from( - inputs[i0], input_len - input_remainder_len, uint8_t, size_t), - uint8_t); - } - blocks[i0][self->buf_len + input_remainder_len] = 31U; - size_t uu____4 = i0; - size_t uu____5 = (size_t)168U - (size_t)1U; - blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + borrowed[i0] = + Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t); } - uint64_t(*uu____6)[5U] = self->inner.st; - uint8_t uu____7[1U][200U]; - memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_simd_portable_load_last_a1_c6(&self->inner, borrowed, (size_t)0U, + self->buf_len); + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); } /** -This function found in impl -{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for -libcrux_sha3::portable::incremental::Shake128Absorb)} +This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize> +for libcrux_sha3::portable::incremental::Shake128Xof} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_portable_incremental_absorb_final_1c( - libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { +static inline void libcrux_sha3_portable_incremental_absorb_final_26( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); - return self; + libcrux_sha3_generic_keccak_xof_absorb_final_35_9e0(self, buf); } /** - An all zero block +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.zero_block_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( +static inline void libcrux_sha3_generic_keccak_xof_zero_block_35_c60( uint8_t ret[168U]) { - ret[0U] = 0U; - ret[1U] = 0U; - ret[2U] = 0U; - ret[3U] = 0U; - ret[4U] = 0U; - ret[5U] = 0U; - ret[6U] = 0U; - ret[7U] = 0U; - ret[8U] = 0U; - ret[9U] = 0U; - ret[10U] = 0U; - ret[11U] = 0U; - ret[12U] = 0U; - ret[13U] = 0U; - ret[14U] = 0U; - ret[15U] = 0U; - ret[16U] = 0U; - ret[17U] = 0U; - ret[18U] = 0U; - ret[19U] = 0U; - ret[20U] = 0U; - ret[21U] = 0U; - ret[22U] = 0U; - ret[23U] = 0U; - ret[24U] = 0U; - ret[25U] = 0U; - ret[26U] = 0U; - ret[27U] = 0U; - ret[28U] = 0U; - ret[29U] = 0U; - ret[30U] = 0U; - ret[31U] = 0U; - ret[32U] = 0U; - ret[33U] = 0U; - ret[34U] = 0U; - ret[35U] = 0U; - ret[36U] = 0U; - ret[37U] = 0U; - ret[38U] = 0U; - ret[39U] = 0U; - ret[40U] = 0U; - ret[41U] = 0U; - ret[42U] = 0U; - ret[43U] = 0U; - ret[44U] = 0U; - ret[45U] = 0U; - ret[46U] = 0U; - ret[47U] = 0U; - ret[48U] = 0U; - ret[49U] = 0U; - ret[50U] = 0U; - ret[51U] = 0U; - ret[52U] = 0U; - ret[53U] = 0U; - ret[54U] = 0U; - ret[55U] = 0U; - ret[56U] = 0U; - ret[57U] = 0U; - ret[58U] = 0U; - ret[59U] = 0U; - ret[60U] = 0U; - ret[61U] = 0U; - ret[62U] = 0U; - ret[63U] = 0U; - ret[64U] = 0U; - ret[65U] = 0U; - ret[66U] = 0U; - ret[67U] = 0U; - ret[68U] = 0U; - ret[69U] = 0U; - ret[70U] = 0U; - ret[71U] = 0U; - ret[72U] = 0U; - ret[73U] = 0U; - ret[74U] = 0U; - ret[75U] = 0U; - ret[76U] = 0U; - ret[77U] = 0U; - ret[78U] = 0U; - ret[79U] = 0U; - ret[80U] = 0U; - ret[81U] = 0U; - ret[82U] = 0U; - ret[83U] = 0U; - ret[84U] = 0U; - ret[85U] = 0U; - ret[86U] = 0U; - ret[87U] = 0U; - ret[88U] = 0U; - ret[89U] = 0U; - ret[90U] = 0U; - ret[91U] = 0U; - ret[92U] = 0U; - ret[93U] = 0U; - ret[94U] = 0U; - ret[95U] = 0U; - ret[96U] = 0U; - ret[97U] = 0U; - ret[98U] = 0U; - ret[99U] = 0U; - ret[100U] = 0U; - ret[101U] = 0U; - ret[102U] = 0U; - ret[103U] = 0U; - ret[104U] = 0U; - ret[105U] = 0U; - ret[106U] = 0U; - ret[107U] = 0U; - ret[108U] = 0U; - ret[109U] = 0U; - ret[110U] = 0U; - ret[111U] = 0U; - ret[112U] = 0U; - ret[113U] = 0U; - ret[114U] = 0U; - ret[115U] = 0U; - ret[116U] = 0U; - ret[117U] = 0U; - ret[118U] = 0U; - ret[119U] = 0U; - ret[120U] = 0U; - ret[121U] = 0U; - ret[122U] = 0U; - ret[123U] = 0U; - ret[124U] = 0U; - ret[125U] = 0U; - ret[126U] = 0U; - ret[127U] = 0U; - ret[128U] = 0U; - ret[129U] = 0U; - ret[130U] = 0U; - ret[131U] = 0U; - ret[132U] = 0U; - ret[133U] = 0U; - ret[134U] = 0U; - ret[135U] = 0U; - ret[136U] = 0U; - ret[137U] = 0U; - ret[138U] = 0U; - ret[139U] = 0U; - ret[140U] = 0U; - ret[141U] = 0U; - ret[142U] = 0U; - ret[143U] = 0U; - ret[144U] = 0U; - ret[145U] = 0U; - ret[146U] = 0U; - ret[147U] = 0U; - ret[148U] = 0U; - ret[149U] = 0U; - ret[150U] = 0U; - ret[151U] = 0U; - ret[152U] = 0U; - ret[153U] = 0U; - ret[154U] = 0U; - ret[155U] = 0U; - ret[156U] = 0U; - ret[157U] = 0U; - ret[158U] = 0U; - ret[159U] = 0U; - ret[160U] = 0U; - ret[161U] = 0U; - ret[162U] = 0U; - ret[163U] = 0U; - ret[164U] = 0U; - ret[165U] = 0U; - ret[166U] = 0U; - ret[167U] = 0U; + memset(ret, 0U, 168U * sizeof(uint8_t)); } /** - Generate a new keccak xof state. +This function found in impl +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.new_35 with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_7e0(void) { - libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); - uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); - memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); +static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_97 +libcrux_sha3_generic_keccak_xof_new_35_c60(void) { + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 lit; + lit.inner = libcrux_sha3_generic_keccak_new_80_04(); + uint8_t repeat_expression[1U][168U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + libcrux_sha3_generic_keccak_xof_zero_block_35_c60(repeat_expression[i]); + } + memcpy(lit.buf, repeat_expression, (size_t)1U * sizeof(uint8_t[168U])); lit.buf_len = (size_t)0U; lit.sponge = false; return lit; } /** -This function found in impl -{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for -libcrux_sha3::portable::incremental::Shake128Absorb)} +This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize> +for libcrux_sha3::portable::incremental::Shake128Xof} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_7e0(); +static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_97 +libcrux_sha3_portable_incremental_new_26(void) { + return libcrux_sha3_generic_keccak_xof_new_35_c60(); } /** - `out` has the exact size we want here. It must be less than or equal to `RATE`. -*/ -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_5a -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( - uint64_t (*state)[5U], Eurydice_slice out[1U]) { - size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; - size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; - for (size_t i = (size_t)0U; i < num_full_blocks; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); - } - if (last_block_len != (size_t)0U) { - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[0U], num_full_blocks * (size_t)8U, - num_full_blocks * (size_t)8U + last_block_len, uint8_t); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes( - state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); - Eurydice_slice_copy( - uu____1, - Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), - uint8_t); - } -} - -/** - Squeeze `N` x `LEN` bytes. -*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d -with types uint64_t -with const generics -- PARALLEL_LANES= 1 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, - Eurydice_slice out[1U]) { - if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - } - size_t out_len = Eurydice_slice_len(out[0U], uint8_t); - size_t blocks = out_len / (size_t)136U; - size_t last = out_len - out_len % (size_t)136U; - size_t mid; - if ((size_t)136U >= out_len) { - mid = out_len; - } else { - mid = (size_t)136U; - } - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); - Eurydice_slice out00[1U]; - memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice out_rest[1U]; - memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, - (size_t)136U); - Eurydice_slice out0[1U]; - memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice tmp[1U]; - memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); - memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); - } - self->sponge = true; -} - -/** - Shake256 squeeze + Squeeze `N` x `LEN` bytes. Only `N = 1` for now. */ /** This function found in impl -{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for -libcrux_sha3::portable::incremental::Shake256Squeeze)#3} -*/ -static inline void libcrux_sha3_portable_incremental_squeeze_8a( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { - Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); -} - -/** - `out` has the exact size we want here. It must be less than or equal to `RATE`. -*/ -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_5a -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( - uint64_t (*state)[5U], Eurydice_slice out[1U]) { - size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; - size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; - for (size_t i = (size_t)0U; i < num_full_blocks; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); - } - if (last_block_len != (size_t)0U) { - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[0U], num_full_blocks * (size_t)8U, - num_full_blocks * (size_t)8U + last_block_len, uint8_t); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes( - state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); - Eurydice_slice_copy( - uu____1, - Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), - uint8_t); - } -} - -/** - Squeeze `N` x `LEN` bytes. -*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +{libcrux_sha3::generic_keccak::xof::KeccakXofState[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.xof.squeeze_85 with types uint64_t with const generics -- PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, - Eurydice_slice out[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_squeeze_85_13( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice out) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - } - size_t out_len = Eurydice_slice_len(out[0U], uint8_t); - size_t blocks = out_len / (size_t)168U; - size_t last = out_len - out_len % (size_t)168U; - size_t mid; - if ((size_t)168U >= out_len) { - mid = out_len; - } else { - mid = (size_t)168U; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); } - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); - Eurydice_slice out00[1U]; - memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice out_rest[1U]; - memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3) - .tag == None) { - break; + size_t out_len = Eurydice_slice_len(out, uint8_t); + if (out_len > (size_t)0U) { + if (out_len <= (size_t)168U) { + libcrux_sha3_simd_portable_squeeze_13_3a(&self->inner, out, (size_t)0U, + out_len); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, - (size_t)168U); - Eurydice_slice out0[1U]; - memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice tmp[1U]; - memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); - memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + size_t blocks = out_len / (size_t)168U; + for (size_t i = (size_t)0U; i < blocks; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); + libcrux_sha3_simd_portable_squeeze_13_3a( + &self->inner, out, i0 * (size_t)168U, (size_t)168U); + } + size_t remaining = out_len % (size_t)168U; + if (remaining > (size_t)0U) { + libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner); + libcrux_sha3_simd_portable_squeeze_13_3a( + &self->inner, out, blocks * (size_t)168U, remaining); + } } + self->sponge = true; } - if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); - libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); - } - self->sponge = true; } /** Shake128 squeeze */ /** -This function found in impl -{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for -libcrux_sha3::portable::incremental::Shake128Squeeze)#1} +This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize> +for libcrux_sha3::portable::incremental::Shake128Xof} */ -static inline void libcrux_sha3_portable_incremental_squeeze_10( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { - Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); +static inline void libcrux_sha3_portable_incremental_squeeze_26( + libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self, + Eurydice_slice out) { + libcrux_sha3_generic_keccak_xof_squeeze_85_13(self, out); } /** -This function found in impl {(core::clone::Clone for -libcrux_sha3::portable::KeccakState)} +This function found in impl {core::clone::Clone for +libcrux_sha3::portable::KeccakState} */ -static inline libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_clone_3d( - libcrux_sha3_generic_keccak_KeccakState_48 *self) { +static inline libcrux_sha3_generic_keccak_KeccakState_17 +libcrux_sha3_portable_clone_fe( + libcrux_sha3_generic_keccak_KeccakState_17 *self) { return self[0U]; } /** -This function found in impl {(core::convert::From for -u32)#1} +This function found in impl {core::convert::From for +u32} */ -static inline uint32_t libcrux_sha3_from_eb(libcrux_sha3_Algorithm v) { - uint32_t uu____0; +static inline uint32_t libcrux_sha3_from_6c(libcrux_sha3_Algorithm v) { switch (v) { - case libcrux_sha3_Sha224: { - uu____0 = 1U; + case libcrux_sha3_Algorithm_Sha224: { break; } - case libcrux_sha3_Sha256: { - uu____0 = 2U; - break; + case libcrux_sha3_Algorithm_Sha256: { + return 2U; } - case libcrux_sha3_Sha384: { - uu____0 = 3U; - break; + case libcrux_sha3_Algorithm_Sha384: { + return 3U; } - case libcrux_sha3_Sha512: { - uu____0 = 4U; - break; + case libcrux_sha3_Algorithm_Sha512: { + return 4U; } default: { KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, @@ -5718,31 +5396,26 @@ static inline uint32_t libcrux_sha3_from_eb(libcrux_sha3_Algorithm v) { KRML_HOST_EXIT(253U); } } - return uu____0; + return 1U; } /** -This function found in impl {(core::convert::From for -libcrux_sha3::Algorithm)} +This function found in impl {core::convert::From for +libcrux_sha3::Algorithm} */ -static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { - libcrux_sha3_Algorithm uu____0; +static inline libcrux_sha3_Algorithm libcrux_sha3_from_29(uint32_t v) { switch (v) { case 1U: { - uu____0 = libcrux_sha3_Sha224; break; } case 2U: { - uu____0 = libcrux_sha3_Sha256; - break; + return libcrux_sha3_Algorithm_Sha256; } case 3U: { - uu____0 = libcrux_sha3_Sha384; - break; + return libcrux_sha3_Algorithm_Sha384; } case 4U: { - uu____0 = libcrux_sha3_Sha512; - break; + return libcrux_sha3_Algorithm_Sha512; } default: { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -5750,52 +5423,40 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { KRML_HOST_EXIT(255U); } } - return uu____0; + return libcrux_sha3_Algorithm_Sha224; } -typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; - -typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; - -typedef uint8_t libcrux_sha3_Sha3_256Digest[32U]; - -typedef uint8_t libcrux_sha3_Sha3_224Digest[28U]; - #if defined(__cplusplus) } #endif -#define __libcrux_sha3_portable_H_DEFINED -#endif +#define libcrux_sha3_portable_H_DEFINED +#endif /* libcrux_sha3_portable_H */ -/* from libcrux/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h */ +/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem768_portable.h */ /* - * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee + * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 + * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 + * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b + * F*: 71d8221589d4d438af3706d89cb653cf53e18aab + * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ -#ifndef __libcrux_mlkem768_portable_H -#define __libcrux_mlkem768_portable_H +#ifndef libcrux_mlkem768_portable_H +#define libcrux_mlkem768_portable_H + #if defined(__cplusplus) extern "C" { #endif -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) - -#define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS \ - (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) - -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( +static inline void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( @@ -5803,7 +5464,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( +static inline void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( @@ -5811,15 +5472,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -#define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -#define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -typedef uint8_t libcrux_ml_kem_ind_cca_MlKemSharedSecret[32U]; - static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = {(int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202, @@ -5854,17 +5506,19 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_zeta(size_t i) { + return libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[i]; +} + +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT ((size_t)16U) + #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) - #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) + #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) @@ -5877,155 +5531,23 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; - Result_c0 dst; + Result_0a dst; Eurydice_slice_to_array2( - &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), - Eurydice_slice, int16_t[16U]); - unwrap_41_f9(dst, ret); + &dst, Eurydice_slice_subslice3(array, (size_t)0U, (size_t)16U, int16_t *), + Eurydice_slice, int16_t[16U], TryFromSliceError); + unwrap_26_00(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); -} - -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; - -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> - 5U); - uint8_t r3 = - (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) >> - 4U); - uint8_t r7 = - (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) >> - 6U); - uint8_t r10 = - (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +libcrux_ml_kem_vector_portable_from_i16_array_b8(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + libcrux_secrets_int_classify_public_classify_ref_9b_39(array)); } typedef struct int16_t_x8_s { @@ -6039,666 +5561,22 @@ typedef struct int16_t_x8_s { int16_t f7; } int16_t_x8; -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 3U; - int16_t r2 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 6U; - int16_t r3 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> - 1U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> - 4U; - int16_t r5 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 7U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 2U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; + int16_t ret[16U]; + int16_t buf[16U] = {0U}; + libcrux_secrets_int_public_integers_classify_27_46(buf, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -static const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { +libcrux_ml_kem_vector_portable_ZERO_b8(void) { return libcrux_ml_kem_vector_portable_vector_type_zero(); } @@ -6716,11 +5594,11 @@ libcrux_ml_kem_vector_portable_arithmetic_add( } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( +libcrux_ml_kem_vector_portable_add_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); @@ -6740,11 +5618,11 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( +libcrux_ml_kem_vector_portable_sub_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); @@ -6752,80 +5630,51 @@ libcrux_ml_kem_vector_portable_sub_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; + vec.elements[uu____0] = vec.elements[uu____0] * c; } - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; +libcrux_ml_kem_vector_portable_multiply_by_constant_b8( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} + Note: This function is not secret independent + Only use with public values. */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); -} - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, Option_b3); - if (!(uu____0.tag == None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + if (libcrux_secrets_int_public_integers_declassify_d8_39( + vec.elements[i0]) >= (int16_t)3329) { + size_t uu____0 = i0; + vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; } - return v; } + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( +libcrux_ml_kem_vector_portable_cond_subtract_3329_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } @@ -6833,11 +5682,10 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ ((int32_t)20159) -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT ((int32_t)26) -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R \ + ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT) /** Signed Barrett Reduction @@ -6850,50 +5698,47 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. + Note: The input bound is 28296 to prevent overflow in the multiplication of + quotient by FIELD_MODULUS + */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { - int32_t t = (int32_t)value * + int32_t t = libcrux_secrets_int_as_i32_f5(value) * LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + (LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R >> 1U); + int16_t quotient = libcrux_secrets_int_as_i16_36( + t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + int16_t vi = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); + vec.elements[i0]); + vec.elements[i0] = vi; } - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); +libcrux_ml_kem_vector_portable_barrett_reduce_b8( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(vector); } #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - /** Signed Montgomery Reduction @@ -6903,27 +5748,32 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 + + In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS + 1664 - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + libcrux_secrets_int_as_i32_f5(libcrux_secrets_int_as_i16_36(value)) * + libcrux_secrets_int_as_i32_b8( + libcrux_secrets_int_public_integers_classify_27_df( + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + libcrux_secrets_int_as_i32_f5(libcrux_secrets_int_as_i16_36(k)) * + libcrux_secrets_int_as_i32_f5( + libcrux_secrets_int_public_integers_classify_27_39( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + int16_t c = libcrux_secrets_int_as_i16_36( + k_times_modulus >> + (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = libcrux_secrets_int_as_i16_36( + value >> + (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); return value_high - c; } @@ -6941,32 +5791,85 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { + int32_t product = + libcrux_secrets_int_as_i32_f5(fe) * libcrux_secrets_int_as_i32_f5(fer); return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); + product); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); + vec.elements[i0], c); } - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vector, + int16_t constant) { return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); + vector, libcrux_secrets_int_public_integers_classify_27_39(constant)); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + vec.elements[uu____0] = vec.elements[uu____0] & c; + } + return vec; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.portable.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + vec.elements[i0] = vec.elements[i0] >> (uint32_t)(int32_t)15; + } + return vec; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(a); + libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = + libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_portable_arithmetic_add(a, &fm); +} + +/** +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_to_unsigned_representative_b8( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative( + a); } /** @@ -6994,34 +5897,38 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t shifted = + libcrux_secrets_int_public_integers_classify_27_39((int16_t)1664) - + libcrux_secrets_int_as_i16_ca(fe); int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); + int16_t r0 = shifted_positive_in_range >> 15U; + int16_t r1 = r0 & (int16_t)1; + return libcrux_secrets_int_as_u8_f5(r1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = (int16_t) + a.elements[i0] = libcrux_secrets_int_as_i16_59( libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); + libcrux_secrets_int_as_u16_f5(a.elements[i0]))); } - return v; + return a; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); +libcrux_ml_kem_vector_portable_compress_1_b8( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_1(a); } static KRML_MUSTINLINE uint32_t @@ -7033,54 +5940,81 @@ libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( static inline int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + uint64_t compressed = libcrux_secrets_int_as_u64_ca(fe) + << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; - return (int16_t) + return libcrux_secrets_int_as_i16_b8( libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); + coefficient_bits, libcrux_secrets_int_as_u32_a3(compressed))); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_decompress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector z = + libcrux_ml_kem_vector_portable_vector_type_zero(); + libcrux_ml_kem_vector_portable_vector_type_PortableVector s = + libcrux_ml_kem_vector_portable_arithmetic_sub(z, &a); + libcrux_ml_kem_vector_portable_vector_type_PortableVector res = + libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + s, (int16_t)1665); + return res; +} + +/** +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_decompress_1_b8( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_decompress_1(a); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; + vec->elements[j], + libcrux_secrets_int_public_integers_classify_27_39(zeta)); + int16_t a_minus_t = vec->elements[i] - t; + int16_t a_plus_t = vec->elements[i] + t; + vec->elements[j] = a_minus_t; + vec->elements[i] = a_plus_t; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( +libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, @@ -7089,33 +6023,33 @@ libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( +libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); @@ -7123,75 +6057,80 @@ libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( +libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { + int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + int16_t a_plus_b = vec->elements[j] + vec->elements[i]; + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + a_plus_b); + int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); + a_minus_b, libcrux_secrets_int_public_integers_classify_27_39(zeta)); + vec->elements[i] = o0; + vec->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( @@ -7200,33 +6139,33 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, @@ -7235,32 +6174,33 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } @@ -7291,20 +6231,34 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); + size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t ai = a->elements[(size_t)2U * i]; + int16_t bi = b->elements[(size_t)2U * i]; + int16_t aj = a->elements[(size_t)2U * i + (size_t)1U]; + int16_t bj = b->elements[(size_t)2U * i + (size_t)1U]; + int32_t ai_bi = + libcrux_secrets_int_as_i32_f5(ai) * libcrux_secrets_int_as_i32_f5(bi); + int32_t aj_bj_ = + libcrux_secrets_int_as_i32_f5(aj) * libcrux_secrets_int_as_i32_f5(bj); + int16_t aj_bj = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + aj_bj_); + int32_t aj_bj_zeta = libcrux_secrets_int_as_i32_f5(aj_bj) * + libcrux_secrets_int_as_i32_f5(zeta); + int32_t ai_bi_aj_bj = ai_bi + aj_bj_zeta; + int16_t o0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + ai_bi_aj_bj); + int32_t ai_bj = + libcrux_secrets_int_as_i32_f5(ai) * libcrux_secrets_int_as_i32_f5(bj); + int32_t aj_bi = + libcrux_secrets_int_as_i32_f5(aj) * libcrux_secrets_int_as_i32_f5(bi); + int32_t ai_bj_aj_bi = ai_bj + aj_bi; int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; + ai_bj_aj_bi); + out->elements[(size_t)2U * i] = o0; + out->elements[(size_t)2U * i + (size_t)1U] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7312,33 +6266,45 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + int16_t nzeta0 = -zeta0; + int16_t nzeta1 = -zeta1; + int16_t nzeta2 = -zeta2; + int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta0), + (size_t)0U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta0), + (size_t)1U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta1), + (size_t)2U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta1), + (size_t)3U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta2), + (size_t)4U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta2), + (size_t)5U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta3), + (size_t)6U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta3), + (size_t)7U, &out); return out; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( +libcrux_ml_kem_vector_portable_ntt_multiply_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { @@ -7350,62 +6316,114 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + uint8_t result0 = + (((((((uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[0U]) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[1U]) << 1U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[2U]) << 2U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[3U]) << 3U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[4U]) << 4U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[5U]) << 5U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[6U]) << 6U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[7U]) << 7U; + uint8_t result1 = + (((((((uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[8U]) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[9U]) << 1U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[10U]) << 2U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[11U]) << 3U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[12U]) << 4U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[13U]) << 5U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[14U]) << 6U) | + (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[15U]) << 7U; + ret[0U] = result0; + ret[1U] = result1; +} + +static inline void libcrux_ml_kem_vector_portable_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + uint8_t ret0[2U]; + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret0); + libcrux_secrets_int_public_integers_declassify_d8_d4(ret0, ret); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( +static inline void libcrux_ml_kem_vector_portable_serialize_1_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); + libcrux_ml_kem_vector_portable_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; + int16_t result0 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) & 1U); + int16_t result1 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 1U & + 1U); + int16_t result2 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 2U & + 1U); + int16_t result3 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 3U & + 1U); + int16_t result4 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 4U & + 1U); + int16_t result5 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 5U & + 1U); + int16_t result6 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 6U & + 1U); + int16_t result7 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 7U & + 1U); + int16_t result8 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) & 1U); + int16_t result9 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 1U & + 1U); + int16_t result10 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 2U & + 1U); + int16_t result11 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 3U & + 1U); + int16_t result12 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 4U & + 1U); + int16_t result13 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 5U & + 1U); + int16_t result14 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 6U & + 1U); + int16_t result15 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 7U & + 1U); + return ( + KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ + .elements = {result0, result1, result2, result3, result4, result5, + result6, result7, result8, result9, result10, result11, + result12, result13, result14, result15}}); +} + +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1( + libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_deserialize_1_b8(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_deserialize_1(a); } typedef struct uint8_t_x4_s { @@ -7417,27 +6435,27 @@ typedef struct uint8_t_x4_s { static KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *); - uint8_t result1 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *); - uint8_t result2 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *); - uint8_t result3 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *); - return (CLITERAL(uint8_t_x4){ + uint8_t result0 = (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *)) + << 4U | + (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *)); + uint8_t result1 = (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *)) + << 4U | + (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *)); + uint8_t result2 = (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *)) + << 4U | + (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *)); + uint8_t result3 = (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *)) + << 4U | + (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *)); + return (KRML_CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -7447,109 +6465,107 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t ret[8U]) { uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)8U, + int16_t *)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)16U, + int16_t *)); + ret[0U] = result0_3.fst; + ret[1U] = result0_3.snd; + ret[2U] = result0_3.thd; + ret[3U] = result0_3.f3; + ret[4U] = result4_7.fst; + ret[5U] = result4_7.snd; + ret[6U] = result4_7.thd; + ret[7U] = result4_7.f3; +} + +static inline void libcrux_ml_kem_vector_portable_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + uint8_t ret0[8U]; + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret0); + libcrux_secrets_int_public_integers_declassify_d8_76(ret0, ret); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( +static inline void libcrux_ml_kem_vector_portable_serialize_4_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); + libcrux_ml_kem_vector_portable_serialize_4(a, ret); } static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); + int16_t v0 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + 15U); + int16_t v1 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) >> + 4U & + 15U); + int16_t v2 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + 15U); + int16_t v3 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 4U & + 15U); + int16_t v4 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + 15U); + int16_t v5 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U & + 15U); + int16_t v6 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + 15U); + int16_t v7 = libcrux_secrets_int_as_i16_59( + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 4U & + 15U); + return (KRML_CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)4U, uint8_t *)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + Eurydice_slice_subslice3(bytes, (size_t)4U, (size_t)8U, uint8_t *)); + return ( + KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ + .elements = {v0_7.fst, v0_7.snd, v0_7.thd, v0_7.f3, v0_7.f4, v0_7.f5, + v0_7.f6, v0_7.f7, v8_15.fst, v8_15.snd, v8_15.thd, + v8_15.f3, v8_15.f4, v8_15.f5, v8_15.f6, v8_15.f7}}); +} + +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4( + libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_deserialize_4_b8(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_deserialize_4(a); } typedef struct uint8_t_x5_s { @@ -7560,185 +6576,35 @@ typedef struct uint8_t_x5_s { uint8_t f4; } uint8_t_x5; -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> - 4U & - (int16_t)63); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ + uint8_t r0 = libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & (int16_t)255); + uint8_t r1 = + (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & (int16_t)63) + << 2U | + (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U & + (int16_t)3); + uint8_t r2 = + (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) & (int16_t)15) + << 4U | + (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 6U & + (int16_t)15); + uint8_t r3 = + (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) & (int16_t)3) + << 6U | + (uint32_t)libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 4U & + (int16_t)63); + uint8_t r4 = libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); + return (KRML_CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -7747,143 +6613,159 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)4U, + int16_t *)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)4U, (size_t)8U, + int16_t *)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)12U, + int16_t *)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, - int16_t)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)12U, (size_t)16U, + int16_t *)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; + ret[10U] = r10_14.fst; + ret[11U] = r10_14.snd; + ret[12U] = r10_14.thd; + ret[13U] = r10_14.f3; + ret[14U] = r10_14.f4; + ret[15U] = r15_19.fst; + ret[16U] = r15_19.snd; + ret[17U] = r15_19.thd; + ret[18U] = r15_19.f3; + ret[19U] = r15_19.f4; +} + +static inline void libcrux_ml_kem_vector_portable_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + uint8_t ret0[20U]; + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret0); + libcrux_secrets_int_public_integers_declassify_d8_57(ret0, ret); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( +static inline void libcrux_ml_kem_vector_portable_serialize_10_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); + libcrux_ml_kem_vector_portable_serialize_10(a, ret); } static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + int16_t r0 = libcrux_secrets_int_as_i16_f5( + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) & (int16_t)3) << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)) & + (int16_t)255)); + int16_t r1 = libcrux_secrets_int_as_i16_f5( + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) & (int16_t)15) << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 2U; - int16_t r2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) >> + 2U); + int16_t r2 = libcrux_secrets_int_as_i16_f5( + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) & (int16_t)63) << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 4U; - int16_t r3 = - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) >> + 4U); + int16_t r3 = libcrux_secrets_int_as_i16_f5( + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *)) << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> - 6U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) >> + 6U); + int16_t r4 = libcrux_secrets_int_as_i16_f5( + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) & (int16_t)3) << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r5 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *)) & + (int16_t)255)); + int16_t r5 = libcrux_secrets_int_as_i16_f5( + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) & (int16_t)15) << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 2U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) >> + 2U); + int16_t r6 = libcrux_secrets_int_as_i16_f5( + (libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) & (int16_t)63) << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> - 4U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) >> + 4U); + int16_t r7 = libcrux_secrets_int_as_i16_f5( + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *)) << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); + libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) >> + 6U); + return (KRML_CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)10U, uint8_t *)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + Eurydice_slice_subslice3(bytes, (size_t)10U, (size_t)20U, uint8_t *)); + return ( + KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ + .elements = {v0_7.fst, v0_7.snd, v0_7.thd, v0_7.f3, v0_7.f4, v0_7.f5, + v0_7.f6, v0_7.f7, v8_15.fst, v8_15.snd, v8_15.thd, + v8_15.f3, v8_15.f4, v8_15.f5, v8_15.f6, v8_15.f7}}); +} + +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10( + libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_deserialize_10_b8(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_deserialize_10(a); } typedef struct uint8_t_x3_s { @@ -7894,18 +6776,16 @@ typedef struct uint8_t_x3_s { static KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); - uint8_t r1 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & - (int16_t)15) - << 4U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & - (int16_t)255); - return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); + uint8_t r0 = libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & (int16_t)255); + uint8_t r1 = libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & (int16_t)15) + << 4U); + uint8_t r2 = libcrux_secrets_int_as_u8_f5( + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); + return (KRML_CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } static KRML_MUSTINLINE void @@ -7913,61 +6793,71 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)2U, + int16_t *)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)2U, (size_t)4U, + int16_t *)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)4U, (size_t)6U, + int16_t *)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)6U, (size_t)8U, + int16_t *)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, - int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)10U, + int16_t *)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)10U, (size_t)12U, + int16_t *)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, - int16_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)12U, (size_t)14U, + int16_t *)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, - int16_t)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); + Eurydice_array_to_subslice3(v.elements, (size_t)14U, (size_t)16U, + int16_t *)); + ret[0U] = r0_2.fst; + ret[1U] = r0_2.snd; + ret[2U] = r0_2.thd; + ret[3U] = r3_5.fst; + ret[4U] = r3_5.snd; + ret[5U] = r3_5.thd; + ret[6U] = r6_8.fst; + ret[7U] = r6_8.snd; + ret[8U] = r6_8.thd; + ret[9U] = r9_11.fst; + ret[10U] = r9_11.snd; + ret[11U] = r9_11.thd; + ret[12U] = r12_14.fst; + ret[13U] = r12_14.snd; + ret[14U] = r12_14.thd; + ret[15U] = r15_17.fst; + ret[16U] = r15_17.snd; + ret[17U] = r15_17.thd; + ret[18U] = r18_20.fst; + ret[19U] = r18_20.snd; + ret[20U] = r18_20.thd; + ret[21U] = r21_23.fst; + ret[22U] = r21_23.snd; + ret[23U] = r21_23.thd; +} + +static inline void libcrux_ml_kem_vector_portable_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + uint8_t ret0[24U]; + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret0); + libcrux_secrets_int_public_integers_declassify_d8_d2(ret0, ret); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ -static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( +static inline void libcrux_ml_kem_vector_portable_serialize_12_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); + libcrux_ml_kem_vector_portable_serialize_12(a, ret); } typedef struct int16_t_x2_s { @@ -7978,66 +6868,59 @@ typedef struct int16_t_x2_s { static KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t byte1 = - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); - int16_t byte2 = - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); + int16_t byte0 = libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + int16_t byte1 = libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); + int16_t byte2 = libcrux_secrets_int_as_i16_59( + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); + return (KRML_CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)3U, uint8_t *)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)3U, (size_t)6U, uint8_t *)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)6U, (size_t)9U, uint8_t *)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)9U, (size_t)12U, uint8_t *)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)12U, (size_t)15U, uint8_t *)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)15U, (size_t)18U, uint8_t *)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); + Eurydice_slice_subslice3(bytes, (size_t)18U, (size_t)21U, uint8_t *)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; + Eurydice_slice_subslice3(bytes, (size_t)21U, (size_t)24U, uint8_t *)); + return ( + KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ + .elements = {v0_1.fst, v0_1.snd, v2_3.fst, v2_3.snd, v4_5.fst, + v4_5.snd, v6_7.fst, v6_7.snd, v8_9.fst, v8_9.snd, + v10_11.fst, v10_11.snd, v12_13.fst, v12_13.snd, + v14_15.fst, v14_15.snd}}); +} + +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12( + libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +libcrux_ml_kem_vector_portable_deserialize_12_b8(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_deserialize_12(a); } static KRML_MUSTINLINE size_t @@ -8055,46 +6938,16 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; - sampled++; - continue; - } - } - continue; } } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d2; sampled++; - continue; } } } @@ -8102,45 +6955,45 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_b8( Eurydice_slice a, Eurydice_slice out) { return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR ((size_t)10U) -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE \ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) +#define LIBCRUX_ML_KEM_MLKEM768_RANK ((size_t)3U) -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE * LIBCRUX_ML_KEM_MLKEM768_RANK) -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR ((size_t)4U) -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE \ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE) -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_RANK * \ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE + (size_t)32U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_RANK * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) @@ -8155,22 +7008,22 @@ static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( #define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE) -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 +typedef libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_mlkem768_MlKem768PrivateKey; -typedef libcrux_ml_kem_types_MlKemPublicKey_15 +typedef libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_mlkem768_MlKem768PublicKey; -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT \ + (LIBCRUX_ML_KEM_MLKEM768_RANK * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) /** @@ -8178,51 +7031,65 @@ A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_portable_vector_type_PortableVector */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1d; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_ea(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d(); - lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_ZERO_d6_ea(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit; + libcrux_ml_kem_vector_portable_vector_type_PortableVector + repeat_expression[16U]; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + repeat_expression[i] = libcrux_ml_kem_vector_portable_ZERO_b8(); + } + memcpy(lit.coefficients, repeat_expression, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); return lit; } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]> for libcrux_ml_kem::ind_cpa::decrypt::closure[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt.call_mut_0b with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(void **_, size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** @@ -8231,18 +7098,19 @@ libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + Eurydice_slice bytes = + Eurydice_slice_subslice3(serialized, i0 * (size_t)24U, + i0 * (size_t)24U + (size_t)24U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); + libcrux_ml_kem_vector_portable_deserialize_12_b8(bytes); re.coefficients[i0] = uu____0; } return re; @@ -8252,59 +7120,47 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( Call [`deserialize_to_uncompressed_ring_element`] for each ring element. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_vector with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_24( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_vector_1b( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); - } - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( - secret_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea( + Eurydice_slice_subslice3( + secret_key, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t *)); secret_as_ntt[i0] = uu____0; } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]> for +libcrux_ml_kem::ind_cpa::deserialize_then_decompress_u::closure[TraitClause@0, TraitClause@1]} */ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; - /** A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.call_mut_35 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c( + void **_, size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** @@ -8314,35 +7170,38 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = + libcrux_secrets_int_as_i32_f5(a.elements[i0]) * + libcrux_secrets_int_as_i32_f5( + libcrux_secrets_int_public_integers_classify_27_39( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; + a.elements[i0] = libcrux_secrets_int_as_i16_36(decompressed); } - return v; + return a; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** A monomorphic instance of -libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const +libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b( - v); +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef( + a); } /** @@ -8351,84 +7210,21 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); + Eurydice_slice bytes = + Eurydice_slice_subslice3(serialized, i0 * (size_t)20U, + i0 * (size_t)20U + (size_t)20U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); + libcrux_ml_kem_vector_portable_deserialize_10_b8(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with -const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); - decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const -generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef( coefficient); re.coefficients[i0] = uu____0; } @@ -8441,10 +7237,10 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -8452,19 +7248,6 @@ typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector snd; } libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2; -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { - return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, - fer); -} - /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8473,17 +7256,18 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(b, zeta_r); - b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); - a = libcrux_ml_kem_vector_portable_add_0d(a, &t); - return ( - CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ - .fst = a, .snd = b}); + libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(b, + zeta_r); + b = libcrux_ml_kem_vector_portable_sub_b8(a, &t); + a = libcrux_ml_kem_vector_portable_add_b8(a, &t); + return (KRML_CLITERAL( + libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){.fst = a, + .snd = b}); } /** @@ -8492,8 +7276,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { @@ -8505,9 +7289,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -8522,16 +7306,16 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, - size_t _layer, size_t _initial_coefficient_bound) { +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, + size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } @@ -8542,18 +7326,16 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ad( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, - size_t _layer, size_t _initial_coefficient_bound) { +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, + size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = - libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8( + re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -8564,69 +7346,77 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, - size_t _layer, size_t _initial_coefficient_bound) { +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, + size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = - libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8( + re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } /** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_barrett_reduce_0d( - self->coefficients[i0]); - self->coefficients[i0] = uu____0; + libcrux_ml_kem_vector_portable_barrett_reduce_b8( + myself->coefficients[i0]); + myself->coefficients[i0] = uu____0; } } +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) { + libcrux_ml_kem_polynomial_poly_barrett_reduce_ea(self); +} + /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9f( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U, + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U, + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)4U, + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_ea(&zeta_i, re, (size_t)5U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)6U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_ea(&zeta_i, re, (size_t)7U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re); } /** @@ -8642,12 +7432,16 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + u_as_ntt[i] = + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c( + &lvalue, i); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -8657,7 +7451,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4( (size_t)10U / (size_t)8U); i++) { size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + Eurydice_slice u_bytes = Eurydice_array_to_subslice3( ciphertext, i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), @@ -8665,15 +7459,15 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); + uint8_t *); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_9f(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_0a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -8683,35 +7477,38 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = + libcrux_secrets_int_as_i32_f5(a.elements[i0]) * + libcrux_secrets_int_as_i32_f5( + libcrux_secrets_int_public_integers_classify_27_39( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; + a.elements[i0] = libcrux_secrets_int_as_i16_36(decompressed); } - return v; + return a; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** A monomorphic instance of -libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const +libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1( - v); +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1( + a); } /** @@ -8720,100 +7517,57 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_41( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + Eurydice_slice bytes = Eurydice_slice_subslice3( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); + libcrux_ml_kem_vector_portable_deserialize_4_b8(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1( coefficient); re.coefficients[i0] = uu____0; } return re; } -/** -A monomorphic instance of -libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with -const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); - decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const -generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); - re.coefficients[i0] = - libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2( - re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 - COMPRESSION_FACTOR= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_ZERO_ea(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit; + libcrux_ml_kem_vector_portable_vector_type_PortableVector + repeat_expression[16U]; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + repeat_expression[i] = libcrux_ml_kem_vector_portable_ZERO_b8(); + } + memcpy(lit.coefficients, repeat_expression, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + return lit; } /** @@ -8844,97 +7598,115 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( . */ /** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_2a( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_ea(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_ntt_multiply_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = + libcrux_ml_kem_polynomial_ZERO_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_ntt_multiply_0d( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_vector_portable_ntt_multiply_b8( + &myself->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); out.coefficients[i0] = uu____0; } return out; } +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_ntt_multiply_d6_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { + return libcrux_ml_kem_polynomial_ntt_multiply_ea(self, rhs); +} + /** Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise sum of their constituent coefficients. */ /** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, self->coefficients, + (size_t)16U, myself->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0], + libcrux_ml_kem_vector_portable_add_b8(myself->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; + myself->coefficients[i0] = uu____0; } } +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { + libcrux_ml_kem_polynomial_add_to_ring_element_1b(self, rhs); +} + /** A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, - size_t _layer) { +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; re->coefficients[round] = - libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8( + re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -8945,18 +7717,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, - size_t _layer) { +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; re->coefficients[round] = - libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8( + re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -8967,16 +7736,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, - size_t _layer) { +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } @@ -8989,18 +7757,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b = - libcrux_ml_kem_vector_portable_sub_0d(b, &a); - a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(a_minus_b, zeta_r); - return ( - CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ - .fst = a, .snd = b}); + libcrux_ml_kem_vector_portable_sub_b8(b, &a); + a = libcrux_ml_kem_vector_portable_barrett_reduce_b8( + libcrux_ml_kem_vector_portable_add_b8(a, &b)); + b = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( + a_minus_b, zeta_r); + return (KRML_CLITERAL( + libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){.fst = a, + .snd = b}); } /** @@ -9010,8 +7779,8 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { @@ -9025,9 +7794,9 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -9042,54 +7811,69 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea(&zeta_i, re); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(&zeta_i, re); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea(&zeta_i, re); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re); } /** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_d4( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_subtract_reduce_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_sub_0d(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_portable_vector_type_PortableVector diff = + libcrux_ml_kem_vector_portable_sub_b8(myself->coefficients[i0], + &coefficient_normal_form); + libcrux_ml_kem_vector_portable_vector_type_PortableVector red = + libcrux_ml_kem_vector_portable_barrett_reduce_b8(diff); + b.coefficients[i0] = red; } return b; } +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_subtract_reduce_d6_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) { + return libcrux_ml_kem_polynomial_subtract_reduce_ea(self, b); +} + /** The following functions compute various expressions involving vectors and matrices. The computation of these expressions has been @@ -9102,71 +7886,34 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b3( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_ea(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_matrix_compute_message_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_d4(v, result); - return result; + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result); + return libcrux_ml_kem_polynomial_subtract_reduce_d6_ea(v, result); } /** -A monomorphic instance of libcrux_ml_kem.vector.portable.arithmetic.shift_right +A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- SHIFT_BY= 15 + */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_94( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; - } - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.portable.shift_right_0d -with const generics -- SHIFT_BY= 15 -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_19( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_db( +libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_19(a); - libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = - libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_portable_add_0d(a, &fm); + return libcrux_ml_kem_vector_portable_to_unsigned_representative_b8(a); } /** @@ -9176,24 +7923,24 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_aa( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { +libcrux_ml_kem_serialize_compress_then_serialize_message_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = - libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); + libcrux_ml_kem_vector_portable_compress_1_b8(coefficient); uint8_t bytes[2U]; - libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed, + libcrux_ml_kem_vector_portable_serialize_1_b8(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); + Eurydice_array_to_subslice3(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t *), + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -9232,20 +7979,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b3(&v, secret_key->secret_as_ntt, + (size_t)960U, uint8_t, size_t, + uint8_t[])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = + libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_aa(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_ea(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9259,37 +8007,37 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_42( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + ret0[i] = libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(&lvalue, i); + } memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + secret_key_unpacked.secret_as_ntt, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + libcrux_ml_kem_ind_cpa_deserialize_vector_1b( + secret_key, secret_key_unpacked.secret_as_ntt); + uint8_t ret1[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(&secret_key_unpacked, ciphertext, + ret1); + memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_4a with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e4( +static inline void libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -9299,7 +8047,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b( +static inline void libcrux_ml_kem_hash_functions_portable_PRF_9e( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -9308,31 +8056,69 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b( } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1 +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_4a with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( +static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_41( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_2b(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_9e(input, ret); } /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +This function found in impl {core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8b +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_ea(); + } + uint8_t uu____1[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d repeat_expression0[3U][3U]; + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d repeat_expression[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + repeat_expression[i] = libcrux_ml_kem_polynomial_ZERO_d6_ea(); + } + memcpy(repeat_expression0[i0], repeat_expression, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + } + memcpy(lit.A, repeat_expression0, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + return lit; } /** @@ -9347,90 +8133,54 @@ libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + Eurydice_slice bytes = + Eurydice_slice_subslice3(serialized, i0 * (size_t)24U, + i0 * (size_t)24U + (size_t)24U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); + libcrux_ml_kem_vector_portable_deserialize_12_b8(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(coefficient); + libcrux_ml_kem_vector_portable_cond_subtract_3329_b8(coefficient); re.coefficients[i0] = uu____0; } return re; } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( + Eurydice_slice ring_element = Eurydice_slice_subslice3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( + uint8_t *); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea( ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_78(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_4b( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); - } } /** @@ -9438,67 +8188,61 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics - $3size_t */ -typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_58_s { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; -} libcrux_ml_kem_hash_functions_portable_PortableHash_58; +typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_88_s { + libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U]; +} libcrux_ml_kem_hash_functions_portable_PortableHash_88; /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const +generics - K= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; +static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88 +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0( + uint8_t (*input)[34U]) { + libcrux_ml_kem_hash_functions_portable_PortableHash_88 shake128_state; + libcrux_sha3_generic_keccak_KeccakState_17 repeat_expression[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init(); + repeat_expression[i] = libcrux_sha3_portable_incremental_shake128_init(); } + memcpy(shake128_state.shake128_state, repeat_expression, + (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], + &shake128_state.shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)); } - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; - memcpy(copy_of_shake128_state, shake128_state, - (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); - libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit; - memcpy(lit.shake128_state, copy_of_shake128_state, - (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); - return lit; + return shake128_state; } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_4a with const generics - K= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( - uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( - copy_of_input); +static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88 +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0( + uint8_t (*input)[34U]) { + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0( + input); } /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const -generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with +const generics - K= 3 */ -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, +static inline void +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0( + libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -9511,21 +8255,21 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca( } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with -const generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_4a +with const generics - K= 3 */ -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, +static inline void +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0( + libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(self, - ret); + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0( + self, ret); } /** @@ -9577,8 +8321,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( + uint8_t (*randomness)[504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -9586,15 +8330,15 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, - r * (size_t)24U + (size_t)24U, uint8_t); - size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_b8( + Eurydice_array_to_subslice3(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, + uint8_t *), + Eurydice_array_to_subslice3(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t *)); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; } } } @@ -9614,13 +8358,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, +static inline void +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0( + libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -9633,20 +8377,21 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd( } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_4a with const generics - K= 3 */ -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, +static inline void +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0( + libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(self, ret); + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(self, + ret); } /** @@ -9698,8 +8443,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( + uint8_t (*randomness)[168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -9707,15 +8452,15 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, - r * (size_t)24U + (size_t)24U, uint8_t); - size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_b8( + Eurydice_array_to_subslice3(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, + uint8_t *), + Eurydice_array_to_subslice3(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t *)); + size_t uu____0 = i1; + sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; } } } @@ -9734,42 +8479,64 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( } /** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_c1(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_ea(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_from_i16_array_ea(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = + libcrux_ml_kem_polynomial_ZERO_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t)); + libcrux_ml_kem_vector_portable_from_i16_array_b8( + Eurydice_slice_subslice3(a, i0 * (size_t)16U, + (i0 + (size_t)1U) * (size_t)16U, + int16_t *)); result.coefficients[i0] = uu____0; } return result; } /** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_from_i16_array_d6_ea(Eurydice_slice a) { + return libcrux_ml_kem_polynomial_from_i16_array_ea(a); +} + +/** +This function found in impl {core::ops::function::FnMut<(@Array), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2]> for libcrux_ml_kem::sampling::sample_from_xof::closure[TraitClause@0, TraitClause@1, TraitClause@2, TraitClause@3]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.call_mut_e7 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_04(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_c1( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b( + void **_, int16_t tupled_args[272U]) { + int16_t s[272U]; + memcpy(s, tupled_args, (size_t)272U * sizeof(int16_t)); + return libcrux_ml_kem_polynomial_from_i16_array_d6_ea( + Eurydice_array_to_subslice3(s, (size_t)0U, (size_t)256U, int16_t *)); } /** @@ -9779,51 +8546,43 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_3f( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( + uint8_t (*seeds)[34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( - copy_of_seeds); + libcrux_ml_kem_hash_functions_portable_PortableHash_88 xof_state = + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0( + seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0( &xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db( - copy_of_randomness0, sampled_coefficients, out); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( + randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0( &xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0( - copy_of_randomness, sampled_coefficients, out); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( + randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_04(copy_of_out[i]); + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b( + &lvalue, copy_of_out[i]); } memcpy( ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -9833,41 +8592,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_38( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(i, A_transpose[i]); - } +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[3U], + uint8_t *seed, bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)34U, seed, seeds[i], uint8_t, void *); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_3f(copy_of_seeds, sampled); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_2b(seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { @@ -9875,35 +8625,91 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_38( } } } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f( + Eurydice_slice public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + *unpacked_public_key) { + Eurydice_slice uu____0 = Eurydice_slice_subslice_to( + public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b( + uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static KRML_MUSTINLINE + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f( + Eurydice_slice public_key) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(); + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(public_key, + &unpacked_public_key); + return unpacked_public_key; } /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t +libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], +libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_portable_vector_type_PortableVector */ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; - uint8_t snd; -} tuple_b0; +typedef struct tuple_ed_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d snd; +} tuple_ed; /** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure[TraitClause@0, TraitClause@1, TraitClause@2, +TraitClause@3]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_f1 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 +- C1_LEN= 960 +- U_COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(void **_, size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** @@ -9912,7 +8718,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5( +static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_41( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -9925,18 +8731,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5( } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_f1 +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_4a with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93( +static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_c5(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_41(input, ret); } /** @@ -9994,16 +8800,16 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + Eurydice_slice byte_chunk = Eurydice_slice_subslice3( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t); + chunk_number * (size_t)4U + (size_t)4U, uint8_t *); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *) | @@ -10019,7 +8825,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + for (uint32_t i = 0U; i < 32U / 4U; i++) { uint32_t outcome_set = i; uint32_t outcome_set0 = outcome_set * 4U; int16_t outcome_1 = @@ -10030,52 +8836,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_c1( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_c1( + return libcrux_ml_kem_polynomial_from_i16_array_d6_ea( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -10085,10 +8846,10 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( randomness); } @@ -10098,18 +8859,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_f4( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_multiply_by_constant_b8( re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = - libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + libcrux_ml_kem_vector_portable_sub_b8(re->coefficients[j], &t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); + libcrux_ml_kem_vector_portable_add_b8(re->coefficients[j], &t); re->coefficients[j] = uu____1; } } @@ -10121,20 +8882,23 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_f4(re); +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U, + (size_t)11207U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U, + (size_t)11207U + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea( + &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_ea( + &zeta_i, re, (size_t)11207U + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_ea( + &zeta_i, re, (size_t)11207U + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_ea( + &zeta_i, re, (size_t)11207U + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re); } /** @@ -10150,59 +8914,54 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); - } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); +static KRML_MUSTINLINE uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt, + uint8_t *prf_input, uint8_t domain_separator) { uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)33U, prf_input, prf_inputs[i], uint8_t, void *); } + domain_separator = + libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator); uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea(&re_as_ntt[i0]); } - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + return domain_separator; } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure#1[TraitClause@0, TraitClause@1, TraitClause@2, +TraitClause@3]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_dd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 -- ETA2_RANDOMNESS_SIZE= 128 +- C1_LEN= 960 +- U_COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(void **_, size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** @@ -10217,45 +8976,27 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); - } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); +static KRML_MUSTINLINE uint8_t +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b( + uint8_t *prf_input, uint8_t domain_separator, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1) { uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)33U, prf_input, prf_inputs[i], uint8_t, void *); } + domain_separator = + libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator); uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - error_1[i0] = uu____1; + error_1[i0] = uu____0; } - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; - memcpy( - copy_of_error_1, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; - memcpy( - lit.fst, copy_of_error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + return domain_separator; } /** @@ -10263,7 +9004,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0( +static inline void libcrux_ml_kem_hash_functions_portable_PRF_a6( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -10272,59 +9013,80 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0( } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1 +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_4a with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( +static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_410( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_2b0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_a6(input, ret); } /** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]> for libcrux_ml_kem::matrix::compute_vector_u::closure[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.call_mut_a8 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(void **_, + size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_38( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; + libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( + myself->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector sum = + libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form, + &error->coefficients[j]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector red = + libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum); + myself->coefficients[j] = red; } } +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { + libcrux_ml_kem_polynomial_add_error_reduce_ea(self, error); +} + /** Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ */ @@ -10334,149 +9096,47 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + result[i] = + libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(&lvalue, i); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_38(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_ea(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_63( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_ZERO_0d(); - return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_sub_0d(uu____0, &v), (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_ea(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector_portable_deserialize_1_0d( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, - uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_63(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp = - libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 = - libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_barrett_reduce_0d(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_54( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_ea(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( - error_2, message, result); - return result; + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -10485,32 +9145,33 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_02( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_compress_ef( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = + int16_t uu____0 = libcrux_secrets_int_as_i16_f5( libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)10, + libcrux_secrets_int_as_u16_f5(a.elements[i0]))); + a.elements[i0] = uu____0; } - return v; + return a; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** -A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d +A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8 with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_28( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_02(v); +libcrux_ml_kem_vector_portable_compress_b8_ef( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_ef(a); } /** @@ -10520,83 +9181,22 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_fc( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { +libcrux_ml_kem_serialize_compress_then_serialize_10_ff( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_28( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_portable_compress_b8_ef( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + libcrux_ml_kem_vector_portable_serialize_10_b8(coefficient, bytes); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_020( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = - libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d -with const generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_280( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_020(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_280( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); + Eurydice_array_to_subslice3(serialized, (size_t)20U * i0, + (size_t)20U * i0 + (size_t)20U, uint8_t *), + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -10609,10 +9209,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_fc(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_ff(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -10628,61 +9228,231 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice3( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t *); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- C1_LEN= 960 +- U_COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_ed libcrux_ml_kem_ind_cpa_encrypt_c1_85( + Eurydice_slice randomness, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix)[3U], + Eurydice_slice ciphertext) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + r_as_ntt[i] = libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(&lvalue, i); + } + uint8_t domain_separator0 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(r_as_ntt, prf_input, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + error_1[i] = libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(&lvalue, i); + } + uint8_t domain_separator = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b( + prf_input, domain_separator0, error_1); + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable_PRF_4a_410( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_1b(matrix, r_as_ntt, error_1, u); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; + memcpy( + uu____0, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(uu____0, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_r_as_ntt[3U]; + memcpy( + copy_of_r_as_ntt, r_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + tuple_ed lit; + memcpy( + lit.fst, copy_of_r_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + lit.snd = error_2; + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea( + uint8_t *serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector_portable_deserialize_1_b8( + Eurydice_array_to_subslice3(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, + uint8_t *)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_decompress_1_b8(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_add_message_error_reduce_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector sum1 = + libcrux_ml_kem_vector_portable_add_b8(myself->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector sum2 = + libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form, &sum1); + libcrux_ml_kem_vector_portable_vector_type_PortableVector red = + libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum2); + result.coefficients[i0] = red; + } + return result; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) { + return libcrux_ml_kem_polynomial_add_message_error_reduce_ea(self, message, + result); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_matrix_compute_ring_element_v_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result); + return libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea( + error_2, message, result); +} + /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_021( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_compress_d1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = + int16_t uu____0 = libcrux_secrets_int_as_i16_f5( libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)4, + libcrux_secrets_int_as_u16_f5(a.elements[i0]))); + a.elements[i0] = uu____0; } - return v; + return a; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +This function found in impl {libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** -A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d +A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8 with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_281( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_021(v); +libcrux_ml_kem_vector_portable_compress_b8_d1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_d1(a); } /** @@ -10692,100 +9462,104 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_9a( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, +libcrux_ml_kem_serialize_compress_then_serialize_4_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_281( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_vector_portable_compress_b8_d1( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); + libcrux_ml_kem_vector_portable_serialize_4_b8(coefficient, bytes); Eurydice_slice_copy( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice_subslice3(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t *), Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } -/** -A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_022( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = - libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d -with const generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_282( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_022(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_1f( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_282( - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - Eurydice_slice_copy( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); - } -} - /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_9a(re, out); +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c2 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- V_COMPRESSION_FACTOR= 4 +- C2_LEN= 128 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_c2_6c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2, + uint8_t *message, Eurydice_slice ciphertext) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea(message); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + libcrux_ml_kem_matrix_compute_ring_element_v_1b( + t_as_ntt, r_as_ntt, error_2, &message_as_ring_element); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c( + v, ciphertext); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -10802,95 +9576,83 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_38(ret0, false, A); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac( - copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_59(A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_54( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t *message, Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; + tuple_ed uu____0 = libcrux_ml_kem_ind_cpa_encrypt_c1_85( + randomness, public_key->A, + Eurydice_array_to_subslice3(ciphertext, (size_t)0U, (size_t)960U, + uint8_t *)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U]; memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + r_as_ntt, uu____0.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____1 = + public_key->t_as_ntt; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 = r_as_ntt; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____3 = &error_2; + uint8_t *uu____4 = message; + libcrux_ml_kem_ind_cpa_encrypt_c2_6c( + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, uint8_t[])); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)#1} +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 */ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_2a( + Eurydice_slice public_key, uint8_t *message, Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + unpacked_public_key = + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(public_key); + uint8_t ret0[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(&unpacked_public_key, message, + randomness, ret0); + memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t)); +} + /** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +This function found in impl {libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_39 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_41( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_39_d6( + Eurydice_slice shared_secret, uint8_t *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This code verifies on some machines, runs out of memory on others +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10913,71 +9675,63 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_70( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), + uint8_t, size_t, uint8_t[]), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), + uint8_t, size_t, uint8_t[]); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_d3_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + libcrux_ml_kem_hash_functions_portable_PRF_4a_41( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_2a(ind_cpa_public_key, decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_41( + libcrux_ml_kem_variant_kdf_39_d6( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), - ciphertext, implicit_rejection_shared_secret); + libcrux_ml_kem_types_as_slice_a9_80(ciphertext), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_41(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_39_d6( + shared_secret0, libcrux_ml_kem_types_as_slice_a9_80(ciphertext), + shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_24(ciphertext), + libcrux_ml_kem_types_as_ref_d3_80(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -11010,10 +9764,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_70(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_62(private_key, ciphertext, ret); } /** @@ -11024,23 +9778,23 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( [`MlKem768Ciphertext`]. */ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35( private_key, ciphertext, ret); } /** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)#1} +This function found in impl {libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem} */ /** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 +A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_39 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_63( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_39_9c( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -11049,15 +9803,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_63( } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} +This function found in impl {libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_4a with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a( +static inline void libcrux_ml_kem_hash_functions_portable_H_4a_e0( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -11075,34 +9829,33 @@ libcrux_ml_kem_variant_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { +static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_63( + libcrux_ml_kem_variant_entropy_preprocess_39_9c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( + size_t, uint8_t[]); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_portable_H_4a_e0( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_50(public_key), + libcrux_ml_kem_types_as_slice_e6_d0(public_key), uint8_t), - ret); + ret0); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -11110,30 +9863,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd( Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_2a( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_e6_d0(public_key), + uint8_t), + randomness0, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_41(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_c2 lit; + lit.fst = libcrux_ml_kem_types_from_e0_80(copy_of_ciphertext); + uint8_t ret[32U]; + libcrux_ml_kem_variant_kdf_39_d6(shared_secret, ciphertext, ret); + memcpy(lit.snd, ret, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -11148,21 +9891,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_cd(uu____0, copy_of_randomness); +static inline tuple_c2 +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) { + return libcrux_ml_kem_ind_cca_encapsulate_ca(public_key, randomness); } /** @@ -11172,96 +9910,145 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( - uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd( + public_key, randomness); } /** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)#1} +This function found in impl {core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_70 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(void) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d repeat_expression[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + repeat_expression[i] = libcrux_ml_kem_polynomial_ZERO_d6_ea(); + } + memcpy( + lit.secret_as_ntt, repeat_expression, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + return lit; +} + +/** +This function found in impl {libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_39 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_39_9c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( - Eurydice_array_to_subslice2( + Eurydice_array_to_subslice3( seed, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *), key_generation_seed, uint8_t); seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( + libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@3]> for +libcrux_ml_kem::ind_cpa::generate_keypair_unpacked::closure[TraitClause@0, TraitClause@1, +TraitClause@2, TraitClause@3, TraitClause@4, TraitClause@5]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.generate_keypair_unpacked.call_mut_73 with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_87(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c( + void **_, size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +A monomorphic instance of libcrux_ml_kem.polynomial.to_standard_domain with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_59( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_polynomial_to_standard_domain_ea( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) { + return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( + vector, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { +libcrux_ml_kem_polynomial_add_standard_error_reduce_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_59( - self->coefficients[j]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; + libcrux_ml_kem_polynomial_to_standard_domain_ea( + myself->coefficients[j]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector sum = + libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form, + &error->coefficients[j]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector red = + libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum); + myself->coefficients[j] = red; } } +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { + libcrux_ml_kem_polynomial_add_standard_error_reduce_ea(self, error); +} + /** Compute  ◦ ŝ + ê */ @@ -11271,46 +10058,135 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_60( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); - } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + libcrux_ml_kem_polynomial_ZERO_d6_ea(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); + i1++) { + size_t j = i1; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_2a(matrix_element, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03( - &result[i1], &error_as_ntt[i1]); + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea( + &t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_39_9c(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, + prf_input); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( + private_key->secret_as_ntt, prf_input, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + error_as_ntt[i] = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c(&lvalue, + i); + } + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(error_as_ntt, prf_input, + domain_separator); + libcrux_ml_kem_matrix_compute_As_plus_e_1b( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____2[32U]; + Result_fb dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + TryFromSliceError); + unwrap_26_b3(dst, uu____2); + memcpy(public_key->seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); } /** @@ -11320,21 +10196,21 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_db( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + libcrux_ml_kem_vector_portable_serialize_12_b8(coefficient, bytes); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); + Eurydice_array_to_subslice3(serialized, (size_t)24U * i0, + (size_t)24U * i0 + (size_t)24U, uint8_t *), + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -11343,35 +10219,59 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b( Call [`serialize_uncompressed_ring_element`] for each ring element. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_vector with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 -- OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_vector_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key, + Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice3( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(&re, ret0); + uint8_t *); + uint8_t ret[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(&re, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)384U, ret, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t *serialized) { + libcrux_ml_kem_ind_cpa_serialize_vector_1b( + t_as_ntt, + Eurydice_array_to_subslice3( + serialized, (size_t)0U, + libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), + uint8_t *)); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from( + (size_t)1184U, serialized, + libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), + uint8_t, size_t, uint8_t[]), + seed_for_a, uint8_t); } /** @@ -11382,88 +10282,41 @@ A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_79( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(t_as_ntt, seed_for_a, + public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_MlKem with const generics + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); +libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) { uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_79( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_89( + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt, - secret_key_serialized); + uint8_t secret_key_serialized[1152U] = {0U}; + libcrux_ml_kem_ind_cpa_serialize_vector_1b( + private_key->secret_as_ntt, + Eurydice_array_to_slice((size_t)1152U, secret_key_serialized, uint8_t)); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -11480,55 +10333,94 @@ libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( + key_generation_seed, &private_key, &public_key); + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(&public_key, + &private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( - Eurydice_array_to_subslice2( + Eurydice_array_to_subslice3( uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), + uint8_t *), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( - Eurydice_array_to_subslice2( + Eurydice_array_to_subslice3( uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), + uint8_t *), public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a(public_key, ret0); + Eurydice_slice uu____6 = Eurydice_array_to_subslice3( + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t *); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable_H_4a_e0(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( - Eurydice_array_to_subslice2( + Eurydice_array_to_subslice3( uu____7, uu____8, uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), + uint8_t *), implicit_rejection_value, uint8_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( + private_key, public_key, implicit_rejection_value, out); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -11549,27 +10441,26 @@ libcrux_ml_kem_variant_MlKem with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( +static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t *randomness) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice3( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, uint8_t[]); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_ea(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -11577,14 +10468,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) { uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key = + libcrux_ml_kem_types_from_77_28(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_74( + uu____2, libcrux_ml_kem_types_from_fd_d0(copy_of_public_key)); } /** @@ -11598,17 +10489,13 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_8c(copy_of_randomness); +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce( + uint8_t *randomness) { + return libcrux_ml_kem_ind_cca_generate_keypair_15(randomness); } /** @@ -11616,542 +10503,59 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5( */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5( - copy_of_randomness); -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_33 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f0( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_1d(ciphertext), - uint8_t), - ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); - uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); - memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_Kyber with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_700( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f0( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f0(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_24(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_700(private_key, ciphertext, ret); -} - -/** - Decapsulate Kyber 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ -static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_33 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_8a( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_Kyber with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd0( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_8a( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_50(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_f0(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Portable encapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_cd0(uu____0, copy_of_randomness); -} - -/** - Encapsulate Kyber 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ -static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( - uu____0, copy_of_randomness); -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_b6( - Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_Kyber with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_fc0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_79( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt, - secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_Kyber with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_fc0(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_35( - uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.kyber_generate_keypair with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_8c0(copy_of_randomness); -} - -/** - Generate Kyber 768 Key Pair -*/ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b( - copy_of_randomness); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce( + randomness); } /** Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SECRET_KEY_SIZE= 2400 -- CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e7( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { uint8_t t[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_1a( - Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, + libcrux_ml_kem_hash_functions_portable_H_4a_e0( + Eurydice_array_to_subslice3(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, - uint8_t), + uint8_t *), t); - Eurydice_slice expected = Eurydice_array_to_subslice2( + Eurydice_slice expected = Eurydice_array_to_subslice3( private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, - (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); - return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( - (size_t)32U, t, &expected, uint8_t, uint8_t, bool); + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t *); + return Eurydice_array_eq_slice((size_t)32U, t, &expected, uint8_t, bool); } /** - Portable private key validation + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key); +} + +/** + Private key validation */ /** A monomorphic instance of @@ -12162,10 +10566,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_e7(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_37(private_key, ciphertext); } @@ -12175,23 +10579,57 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( Returns `true` if valid, and `false` otherwise. */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31( private_key, ciphertext); } +/** + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with +const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41( + private_key); +} + +/** +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]> for +libcrux_ml_kem::serialize::deserialize_ring_elements_reduced_out::closure[TraitClause@0, TraitClause@1]} +*/ /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.call_mut_0b with +types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const +generics - K= 3 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_ea(); +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b( + void **_, size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** @@ -12202,37 +10640,27 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0( */ /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea(); - } - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c( - ring_element); - deserialized_pk[i0] = uu____0; + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + deserialized_pk[i] = + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b( + &lvalue, i); } + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b( + public_key, deserialized_pk); memcpy( ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -12247,42 +10675,44 @@ A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_89( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b( + Eurydice_array_to_subslice_to( + (size_t)1184U, public_key, + libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), + uint8_t, size_t, uint8_t[]), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_79( + libcrux_ml_kem_ind_cpa_serialize_public_key_89( uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + Eurydice_array_to_subslice_from( + (size_t)1184U, public_key, + libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), + uint8_t, size_t, uint8_t[]), public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); + return Eurydice_array_eq((size_t)1184U, public_key, public_key_serialized, + uint8_t); } /** - Portable public key validation + Public key validation */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const generics - K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_89(public_key); } /** @@ -12291,44 +10721,1022 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( Returns `true` if valid, and `false` otherwise. */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41( public_key->value); } /** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_clone_3b( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) { - return self[0U]; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_42( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_24( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, uint8_t[]); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_4a_e0( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_15( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, uint8_t[]); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_d3_80(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable_PRF_4a_41( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( + &key_pair->public_key.ind_cpa_public_key, decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_d3_80(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -typedef int16_t libcrux_ml_kem_vector_portable_vector_type_FieldElement; +/** + Unpacked decapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.decapsulate with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(key_pair, ciphertext, ret); +} -typedef int16_t - libcrux_ml_kem_vector_portable_arithmetic_MontgomeryFieldElement; +/** + Decapsulate ML-KEM 768 (unpacked) -typedef int16_t - libcrux_ml_kem_vector_portable_arithmetic_FieldElementTimesMontgomeryR; + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35( + private_key, ciphertext, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encaps_prepare +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_encaps_prepare_9c( + Eurydice_slice randomness, Eurydice_slice pk_hash, uint8_t ret[64U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_24(randomness, to_hash); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, uint8_t[]), + pk_hash, uint8_t); + uint8_t ret0[64U]; + libcrux_ml_kem_hash_functions_portable_G_4a_e0( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), ret0); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t *randomness) { + uint8_t hashed[64U]; + libcrux_ml_kem_ind_cca_unpacked_encaps_prepare_9c( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, + uint8_t), + hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(&public_key->ind_cpa_public_key, + randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____2 = + libcrux_ml_kem_types_from_e0_80(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_c2 lit; + lit.fst = uu____2; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Unpacked encapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.encapsulate with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_c2 +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t *randomness) { + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(public_key, randomness); +} + +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ +static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd( + public_key, randomness); +} + +/** +This function found in impl {core::ops::function::FnMut<(usize), +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]> for +libcrux_ml_kem::ind_cca::unpacked::transpose_a::closure::closure[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.transpose_a.closure.call_mut_b4 with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_call_mut_b4_1b( + void **_, size_t tupled_args) { + return libcrux_ml_kem_polynomial_ZERO_d6_ea(); +} + +/** +This function found in impl {core::ops::function::FnMut<(usize), +@Array[TraitClause@0, +TraitClause@1], K>> for +libcrux_ml_kem::ind_cca::unpacked::transpose_a::closure[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.transpose_a.call_mut_7b with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_call_mut_7b_1b( + void **_, size_t tupled_args, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + ret[i] = libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_call_mut_b4_1b( + &lvalue, i); + } +} + +/** +This function found in impl {core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_c1 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d +libcrux_ml_kem_polynomial_clone_c1_ea( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit; + libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.transpose_a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ind_cpa_a[3U][3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + /* original Rust expression is not an lvalue in C */ + void *lvalue = (void *)0U; + libcrux_ml_kem_ind_cca_unpacked_transpose_a_call_mut_7b_1b(&lvalue, i, + A[i]); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d _a_i[3U][3U]; + memcpy(_a_i, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + for (size_t i1 = (size_t)0U; i1 < (size_t)3U; i1++) { + size_t j = i1; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + libcrux_ml_kem_polynomial_clone_c1_ea(&ind_cpa_a[j][i0]); + A[i0][j] = uu____0; + } + } + memcpy(ret, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); +} + +/** + Generate Unpacked Keys +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice3( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, uint8_t[]); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( + ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, + &out->public_key.ind_cpa_public_key); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U][3U]; + memcpy(uu____0, out->public_key.ind_cpa_public_key.A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U]; + libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(uu____0, A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + memcpy(out->public_key.ind_cpa_public_key.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_89( + out->public_key.ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice( + (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), + pk_serialized); + uint8_t uu____2[32U]; + libcrux_ml_kem_hash_functions_portable_H_4a_e0( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2); + memcpy(out->public_key.public_key_hash, uu____2, + (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + Result_fb dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], TryFromSliceError); + unwrap_26_b3(dst, uu____3); + memcpy(out->private_key.implicit_rejection_value, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** + Generate a key pair +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with +const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ce( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(copy_of_randomness, out); +} + +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ce( + copy_of_randomness, key_pair); +} + +/** +This function found in impl {core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_30 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_default_30_1b(void) { + return ( + KRML_CLITERAL(libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0){ + .ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(), + .public_key_hash = {0U}}); +} + +/** +This function found in impl {core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_7b +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + libcrux_ml_kem_ind_cca_unpacked_default_7b_1b(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0 = { + .ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(), + .implicit_rejection_value = {0U}}; + return (KRML_CLITERAL( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ + .private_key = uu____0, + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_30_1b()}); +} + +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( + uint8_t randomness[64U]) { + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = + libcrux_ml_kem_ind_cca_unpacked_default_7b_1b(); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(uu____0, + &key_pair); + return key_pair; +} + +/** + Create a new, empty unpacked key. +*/ +static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_7b_1b(); +} + +/** + Create a new, empty unpacked public key. +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_30_1b(); +} + +/** + Take a serialized private key and generate an unpacked key pair from it. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; + libcrux_ml_kem_ind_cpa_deserialize_vector_1b( + ind_cpa_secret_key, + key_pair->private_key.ind_cpa_private_key.secret_as_ntt); + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f( + ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + ind_cpa_public_key_hash, uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + implicit_rejection_value, uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_slice( + (size_t)32U, key_pair->public_key.ind_cpa_public_key.seed_for_A, + uint8_t), + Eurydice_slice_subslice_from(ind_cpa_public_key, (size_t)1152U, uint8_t, + size_t, uint8_t[]), + uint8_t); +} + +/** + Take a serialized private key and generate an unpacked key pair from it. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.keypair_from_private_key +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_fd( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42(private_key, + key_pair); +} + +/** + Get an unpacked key from a private key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_from_private_mut( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_fd( + private_key, key_pair); +} + +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_11 with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c( + &self->public_key.ind_cpa_public_key, + &self->private_key.ind_cpa_private_key); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t ind_cpa_public_key[1184U]; + memcpy(ind_cpa_public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, ind_cpa_public_key, uint8_t), + Eurydice_array_to_slice( + (size_t)32U, self->private_key.implicit_rejection_value, uint8_t), + serialized->value); +} + +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_11 with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPrivateKey_d9 +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk = + libcrux_ml_kem_types_default_d3_28(); + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(self, &sk); + return sk; +} + +/** + Get the serialized private key. +*/ +static inline libcrux_ml_kem_types_MlKemPrivateKey_d9 +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43(key_pair); +} + +/** + Get the serialized private key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key_mut( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(key_pair, + serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_dd +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_ind_cca_unpacked_serialized_dd_89( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { + uint8_t ret[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_89( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + ret); + return libcrux_ml_kem_types_from_fd_d0(ret); +} + +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_11 with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_dd_89(&self->public_key); +} + +/** + Get the serialized public key. +*/ +static inline libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89(key_pair); +} + +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_mut_dd +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, + libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + serialized->value); +} + +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_11 with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_11_89( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(&self->public_key, + serialized); +} + +/** + Get the serialized public key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key_mut( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_11_89(key_pair, + serialized); +} + +/** +This function found in impl {core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_91 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *); + uint8_t uu____1[32U]; + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]; + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + return lit; +} + +/** +This function found in impl {core::clone::Clone for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_d7 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_clone_d7_1b( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; + lit.ind_cpa_public_key = + libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b(&self->ind_cpa_public_key); + uint8_t ret[32U]; + core_array__core__clone__Clone_for__Array_T__N___clone( + (size_t)32U, self->public_key_hash, ret, uint8_t, void *); + memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_11 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * +libcrux_ml_kem_ind_cca_unpacked_public_key_11_1b( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { + return &self->public_key; +} + +/** + Get the unpacked public key. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = + libcrux_ml_kem_ind_cca_unpacked_clone_d7_1b( + libcrux_ml_kem_ind_cca_unpacked_public_key_11_1b(key_pair)); + pk[0U] = uu____0; +} + +/** + Get the serialized public key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(public_key, serialized); +} + +/** + Generate an unpacked key from a serialized key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_array_to_subslice_to((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t, uint8_t[]); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b( + uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); + uint8_t uu____1[32U]; + libcrux_ml_kem_utils_into_padded_array_9e( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t, + uint8_t[]), + uu____1); + memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____2)[3U] = + unpacked_public_key->ind_cpa_public_key.A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t, + uint8_t[]), + ret); + libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____2, ret, false); + uint8_t uu____3[32U]; + libcrux_ml_kem_hash_functions_portable_H_4a_e0( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_e6_d0(public_key), + uint8_t), + uu____3); + memcpy(unpacked_public_key->public_key_hash, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** + Get the unpacked public key. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.unpack_public_key with +const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_31( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a(public_key, + unpacked_public_key); +} + +/** + Get the unpacked public key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_31( + public_key, unpacked_public_key); +} #if defined(__cplusplus) } #endif -#define __libcrux_mlkem768_portable_H_DEFINED -#endif +#define libcrux_mlkem768_portable_H_DEFINED +#endif /* libcrux_mlkem768_portable_H */ /* rename some types to be a bit more ergonomic */ #define libcrux_mlkem768_keypair libcrux_ml_kem_mlkem768_MlKem768KeyPair_s -#define libcrux_mlkem768_pk_valid_result Option_92_s -#define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_15_s -#define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_55_s +#define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_30_s +#define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_d9_s #define libcrux_mlkem768_ciphertext libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s -#define libcrux_mlkem768_enc_result tuple_3c_s +#define libcrux_mlkem768_enc_result tuple_c2_s /* defines for PRNG inputs */ -#define LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN 64 +#define LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN 64U #define LIBCRUX_ML_KEM_ENC_PRNG_LEN 32 diff --git a/mlkem768.sh b/mlkem768.sh index 3d12b2e..053808f 100755 --- a/mlkem768.sh +++ b/mlkem768.sh @@ -4,14 +4,15 @@ # #WANT_LIBCRUX_REVISION="origin/main" -WANT_LIBCRUX_REVISION="84c5d87b3092c59294345aa269ceefe0eb97cc35" +WANT_LIBCRUX_REVISION="core-models-v0.0.4" +BASE="libcrux/libcrux-ml-kem/extracts/c_header_only/generated" FILES=" - libcrux/libcrux-ml-kem/cg/eurydice_glue.h - libcrux/libcrux-ml-kem/cg/libcrux_core.h - libcrux/libcrux-ml-kem/cg/libcrux_ct_ops.h - libcrux/libcrux-ml-kem/cg/libcrux_sha3_portable.h - libcrux/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h + $BASE/eurydice_glue.h + $BASE/libcrux_mlkem_core.h + $BASE/libcrux_ct_ops.h + $BASE/libcrux_sha3_portable.h + $BASE/libcrux_mlkem768_portable.h " START="$PWD" @@ -40,14 +41,70 @@ echo '/*' cat libcrux/LICENSE-MIT | sed 's/^/ * /;s/ *$//' echo ' */' echo -echo '#if !defined(__GNUC__) || (__GNUC__ < 2)' -echo '# define __attribute__(x)' -echo '#endif' -echo '#define KRML_MUSTINLINE inline' -echo '#define KRML_NOINLINE __attribute__((noinline, unused))' -echo '#define KRML_HOST_EPRINTF(...)' -echo '#define KRML_HOST_EXIT(x) fatal_f("internal error")' -echo + +LSHIFT="<<" +cat << _EOF +#if !defined(__GNUC__) || (__GNUC__ < 2) +# define __attribute__(x) +#endif +#define KRML_MUSTINLINE inline +#define KRML_NOINLINE __attribute__((noinline, unused)) +#define KRML_HOST_EPRINTF(...) +#define KRML_HOST_EXIT(x) fatal_f("internal error") + +static inline void +store64_le(uint8_t dst[8], uint64_t src) +{ + dst[0] = src & 0xff; + dst[1] = (src >> 8) & 0xff; + dst[2] = (src >> 16) & 0xff; + dst[3] = (src >> 24) & 0xff; + dst[4] = (src >> 32) & 0xff; + dst[5] = (src >> 40) & 0xff; + dst[6] = (src >> 48) & 0xff; + dst[7] = (src >> 56) & 0xff; +} + +static inline void +store32_le(uint8_t dst[4], uint32_t src) +{ + dst[0] = src & 0xff; + dst[1] = (src >> 8) & 0xff; + dst[2] = (src >> 16) & 0xff; + dst[3] = (src >> 24) & 0xff; +} + +static inline void +store32_be(uint8_t dst[4], uint32_t src) +{ + dst[0] = (src >> 24) & 0xff; + dst[1] = (src >> 16) & 0xff; + dst[2] = (src >> 8) & 0xff; + dst[3] = src & 0xff; +} + +static inline uint64_t +load64_le(uint8_t src[8]) +{ + return (uint64_t)(src[0]) | + ((uint64_t)(src[1]) $LSHIFT 8) | + ((uint64_t)(src[2]) $LSHIFT 16) | + ((uint64_t)(src[3]) $LSHIFT 24) | + ((uint64_t)(src[4]) $LSHIFT 32) | + ((uint64_t)(src[5]) $LSHIFT 40) | + ((uint64_t)(src[6]) $LSHIFT 48) | + ((uint64_t)(src[7]) $LSHIFT 56); +} + +static inline uint32_t +load32_le(uint8_t src[4]) +{ + return (uint32_t)(src[0]) | + ((uint32_t)(src[1]) $LSHIFT 8) | + ((uint32_t)(src[2]) $LSHIFT 16) | + ((uint32_t)(src[3]) $LSHIFT 24); +} +_EOF for i in $FILES; do echo "/* from $i */" @@ -58,11 +115,9 @@ for i in $FILES; do -e 's/[ ]*$//' \ $i | \ case "$i" in - */libcrux-ml-kem/cg/eurydice_glue.h) - # Replace endian functions with versions that work. - perl -0777 -pe 's/(static inline void core_num__u64_9__to_le_bytes.*\n)([^}]*\n)/\1 v = htole64(v);\n\2/' | - perl -0777 -pe 's/(static inline uint64_t core_num__u64_9__from_le_bytes.*?)return v;/\1return le64toh(v);/s' | - perl -0777 -pe 's/(static inline uint32_t core_num__u32_8__from_le_bytes.*?)return v;/\1return le32toh(v);/s' + */eurydice_glue.h) + # Replace endian function for consistency. + perl -0777 -pe 's/(static inline void core_num__u32__to_be_bytes.*\n)([^}]*\n)/\1 store32_be(dst, src);\n/' ;; # Default: pass through. *) @@ -75,11 +130,10 @@ done echo echo '/* rename some types to be a bit more ergonomic */' echo '#define libcrux_mlkem768_keypair libcrux_ml_kem_mlkem768_MlKem768KeyPair_s' -echo '#define libcrux_mlkem768_pk_valid_result Option_92_s' -echo '#define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_15_s' -echo '#define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_55_s' +echo '#define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_30_s' +echo '#define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_d9_s' echo '#define libcrux_mlkem768_ciphertext libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s' -echo '#define libcrux_mlkem768_enc_result tuple_3c_s' +echo '#define libcrux_mlkem768_enc_result tuple_c2_s' ) > libcrux_mlkem768_sha3.h_new # Do some checks on the resultant file @@ -137,8 +191,8 @@ cc -Wall -Wextra -Wno-unused-parameter -o libcrux_mlkem768_sha3_check \ ./libcrux_mlkem768_sha3_check # Extract PRNG inputs; there's no nice #defines for these -key_pair_rng_len=`sed -e '/^libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair[(]$/,/[)] {$/!d' < libcrux_mlkem768_sha3.h_new | grep 'uint8_t randomness\[[0-9]*U\][)]' | sed 's/.*randomness\[\([0-9]*\)U\].*/\1/'` -enc_rng_len=`sed -e '/^static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate[(]$/,/[)] {$/!d' < libcrux_mlkem768_sha3.h_new | grep 'uint8_t randomness\[[0-9]*U\][)]' | sed 's/.*randomness\[\([0-9]*\)U\].*/\1/'` +key_pair_rng_len=`grep '^libcrux_ml_kem_mlkem768_portable_generate_key_pair.*randomness' libcrux_mlkem768_sha3.h_new | sed 's/.*randomness[[]//;s/\].*//'` +enc_rng_len=`sed -e '/^static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate[(]$/,/[)] {$/!d' < libcrux_mlkem768_sha3.h_new | grep 'uint8_t randomness\[[0-9]*U\][)]' | sed 's/.*randomness\[\([0-9]*\)U\].*/\1/'` test -z "$key_pair_rng_len" && die "couldn't find size of libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair randomness argument" test -z "$enc_rng_len" && die "couldn't find size of libcrux_ml_kem_mlkem768_portable_kyber_encapsulate randomness argument"